Merge branch 'development'

This commit is contained in:
Simon Butcher 2016-10-13 13:40:41 +01:00
commit 1c8b33ad19
9 changed files with 30 additions and 19 deletions

View file

@ -37,13 +37,16 @@ Bugfix
a contribution from Tobias Tangemann. #541 a contribution from Tobias Tangemann. #541
* Fixed cert_app sample program for debug output and for use when no root * Fixed cert_app sample program for debug output and for use when no root
certificates are provided. certificates are provided.
* Fix conditional statement that would cause a 1 byte overread in
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
* Fixed pthread implementation to avoid unintended double initialisations * Fixed pthread implementation to avoid unintended double initialisations
and double frees. (found by Niklas Amnebratt) and double frees. (found by Niklas Amnebratt)
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
by inestlerode. #559. by inestlerode. #559.
* Fixed default threading implementation to avoid accidental double * Fix documentation and implementation missmatch for function arguments of
initialisations and double frees. mbedtls_gcm_finish(). Found by cmiatpaar. #602
* Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
Changes Changes
* Extended test coverage of special cases, and added new timing test suite. * Extended test coverage of special cases, and added new timing test suite.

View file

@ -190,8 +190,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
* 16 bytes. * 16 bytes.
* *
* \param ctx GCM context * \param ctx GCM context
* \param tag buffer for holding the tag (may be NULL if tag_len is 0) * \param tag buffer for holding the tag
* \param tag_len length of the tag to generate * \param tag_len length of the tag to generate (must be at least 4)
* *
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
*/ */

View file

@ -153,7 +153,7 @@ int mbedtls_asn1_get_int( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( ret ); return( ret );
if( len > sizeof( int ) || ( **p & 0x80 ) != 0 ) if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
*val = 0; *val = 0;

View file

@ -415,8 +415,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
if( tag_len > 16 || tag_len < 4 ) if( tag_len > 16 || tag_len < 4 )
return( MBEDTLS_ERR_GCM_BAD_INPUT ); return( MBEDTLS_ERR_GCM_BAD_INPUT );
if( tag_len != 0 ) memcpy( tag, ctx->base_ectr, tag_len );
memcpy( tag, ctx->base_ectr, tag_len );
if( orig_len || orig_add_len ) if( orig_len || orig_add_len )
{ {

View file

@ -102,6 +102,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
if( f_rng == NULL || nbits < 128 || exponent < 3 ) if( f_rng == NULL || nbits < 128 || exponent < 3 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( nbits % 2 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
@ -116,16 +119,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
f_rng, p_rng ) ); f_rng, p_rng ) );
if( nbits % 2 ) MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
{
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0,
f_rng, p_rng ) ); f_rng, p_rng ) );
}
else
{
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
f_rng, p_rng ) );
}
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
continue; continue;
@ -134,6 +129,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
continue; continue;
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
mbedtls_mpi_swap( &ctx->P, &ctx->Q );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );

View file

@ -140,6 +140,11 @@ static int restore_output( FILE** out_stream, int old_fd )
return 0; return 0;
} }
static void close_output( FILE* out_stream )
{
fclose( out_stream );
}
#endif /* __unix__ || __APPLE__ __MACH__ */ #endif /* __unix__ || __APPLE__ __MACH__ */
static int unhexify( unsigned char *obuf, const char *ibuf ) static int unhexify( unsigned char *obuf, const char *ibuf )

View file

@ -261,7 +261,7 @@ int main(int argc, const char *argv[])
char buf[5000]; char buf[5000];
char *params[50]; char *params[50];
void *pointer; void *pointer;
int stdout_fd = 0; int stdout_fd = -1;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
@ -499,6 +499,11 @@ int main(int argc, const char *argv[])
mbedtls_memory_buffer_alloc_free(); mbedtls_memory_buffer_alloc_free();
#endif #endif
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
if( stdout_fd != -1 )
close_output( stdout );
#endif /* __unix__ || __APPLE__ __MACH__ */
return( total_errors != 0 ); return( total_errors != 0 );
} }

View file

@ -361,7 +361,7 @@ RSA Generate Key - 2048 bit key
mbedtls_rsa_gen_key:2048:3:0 mbedtls_rsa_gen_key:2048:3:0
RSA Generate Key - 1025 bit key RSA Generate Key - 1025 bit key
mbedtls_rsa_gen_key:1025:3:0 mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSA PKCS1 Encrypt Bad RNG RSA PKCS1 Encrypt Bad RNG
depends_on:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_PKCS1_V15

View file

@ -678,6 +678,7 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
if( result == 0 ) if( result == 0 )
{ {
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
} }
exit: exit: