Merge branch 'development'
This commit is contained in:
Simon Butcher
commit
1c8b33ad19
9 changed files with 30 additions and 19 deletions
|
|
@ -37,13 +37,16 @@ Bugfix
|
||||||
a contribution from Tobias Tangemann. #541
|
a contribution from Tobias Tangemann. #541
|
||||||
* Fixed cert_app sample program for debug output and for use when no root
|
* Fixed cert_app sample program for debug output and for use when no root
|
||||||
certificates are provided.
|
certificates are provided.
|
||||||
|
* Fix conditional statement that would cause a 1 byte overread in
|
||||||
|
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
|
||||||
* Fixed pthread implementation to avoid unintended double initialisations
|
* Fixed pthread implementation to avoid unintended double initialisations
|
||||||
and double frees. (found by Niklas Amnebratt)
|
and double frees. (found by Niklas Amnebratt)
|
||||||
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
|
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
|
||||||
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
|
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
|
||||||
by inestlerode. #559.
|
by inestlerode. #559.
|
||||||
* Fixed default threading implementation to avoid accidental double
|
* Fix documentation and implementation missmatch for function arguments of
|
||||||
initialisations and double frees.
|
mbedtls_gcm_finish(). Found by cmiatpaar. #602
|
||||||
|
* Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Extended test coverage of special cases, and added new timing test suite.
|
* Extended test coverage of special cases, and added new timing test suite.
|
||||||
|
|
|
||||||
|
|
@ -190,8 +190,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||||
* 16 bytes.
|
* 16 bytes.
|
||||||
*
|
*
|
||||||
* \param ctx GCM context
|
* \param ctx GCM context
|
||||||
* \param tag buffer for holding the tag (may be NULL if tag_len is 0)
|
* \param tag buffer for holding the tag
|
||||||
* \param tag_len length of the tag to generate
|
* \param tag_len length of the tag to generate (must be at least 4)
|
||||||
*
|
*
|
||||||
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
|
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
|
||||||
*/
|
*/
|
||||||
|
|
|
||||||
|
|
@ -153,7 +153,7 @@ int mbedtls_asn1_get_int( unsigned char **p,
|
||||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
if( len > sizeof( int ) || ( **p & 0x80 ) != 0 )
|
if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
|
||||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||||
|
|
||||||
*val = 0;
|
*val = 0;
|
||||||
|
|
|
||||||
|
|
@ -415,8 +415,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
||||||
if( tag_len > 16 || tag_len < 4 )
|
if( tag_len > 16 || tag_len < 4 )
|
||||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
|
|
||||||
if( tag_len != 0 )
|
memcpy( tag, ctx->base_ectr, tag_len );
|
||||||
memcpy( tag, ctx->base_ectr, tag_len );
|
|
||||||
|
|
||||||
if( orig_len || orig_add_len )
|
if( orig_len || orig_add_len )
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -102,7 +102,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||||
if( f_rng == NULL || nbits < 128 || exponent < 3 )
|
if( f_rng == NULL || nbits < 128 || exponent < 3 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
|
if( nbits % 2 )
|
||||||
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
|
||||||
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
|
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -116,16 +119,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
|
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
|
||||||
f_rng, p_rng ) );
|
f_rng, p_rng ) );
|
||||||
|
|
||||||
if( nbits % 2 )
|
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
|
||||||
{
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0,
|
|
||||||
f_rng, p_rng ) );
|
f_rng, p_rng ) );
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
|
|
||||||
f_rng, p_rng ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
|
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
|
||||||
continue;
|
continue;
|
||||||
|
|
@ -134,6 +129,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||||
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
|
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
|
||||||
|
mbedtls_mpi_swap( &ctx->P, &ctx->Q );
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
|
||||||
|
|
|
||||||
|
|
@ -140,6 +140,11 @@ static int restore_output( FILE** out_stream, int old_fd )
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void close_output( FILE* out_stream )
|
||||||
|
{
|
||||||
|
fclose( out_stream );
|
||||||
|
}
|
||||||
#endif /* __unix__ || __APPLE__ __MACH__ */
|
#endif /* __unix__ || __APPLE__ __MACH__ */
|
||||||
|
|
||||||
static int unhexify( unsigned char *obuf, const char *ibuf )
|
static int unhexify( unsigned char *obuf, const char *ibuf )
|
||||||
|
|
|
||||||
|
|
@ -261,7 +261,7 @@ int main(int argc, const char *argv[])
|
||||||
char buf[5000];
|
char buf[5000];
|
||||||
char *params[50];
|
char *params[50];
|
||||||
void *pointer;
|
void *pointer;
|
||||||
int stdout_fd = 0;
|
int stdout_fd = -1;
|
||||||
|
|
||||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
|
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
|
||||||
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
|
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
|
||||||
|
|
@ -499,6 +499,11 @@ int main(int argc, const char *argv[])
|
||||||
mbedtls_memory_buffer_alloc_free();
|
mbedtls_memory_buffer_alloc_free();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
|
||||||
|
if( stdout_fd != -1 )
|
||||||
|
close_output( stdout );
|
||||||
|
#endif /* __unix__ || __APPLE__ __MACH__ */
|
||||||
|
|
||||||
return( total_errors != 0 );
|
return( total_errors != 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -361,7 +361,7 @@ RSA Generate Key - 2048 bit key
|
||||||
mbedtls_rsa_gen_key:2048:3:0
|
mbedtls_rsa_gen_key:2048:3:0
|
||||||
|
|
||||||
RSA Generate Key - 1025 bit key
|
RSA Generate Key - 1025 bit key
|
||||||
mbedtls_rsa_gen_key:1025:3:0
|
mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||||
|
|
||||||
RSA PKCS1 Encrypt Bad RNG
|
RSA PKCS1 Encrypt Bad RNG
|
||||||
depends_on:MBEDTLS_PKCS1_V15
|
depends_on:MBEDTLS_PKCS1_V15
|
||||||
|
|
|
||||||
|
|
@ -678,6 +678,7 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
|
||||||
if( result == 0 )
|
if( result == 0 )
|
||||||
{
|
{
|
||||||
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
|
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue