From 031d6335b7e762cb8ae8dd7fb44e04a22235f978 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 1 May 2019 17:09:11 +0100 Subject: [PATCH 1/2] Fix mpi_bigendian_to_host() on bigendian systems The previous implementation of mpi_bigendian_to_host() did a byte-swapping regardless of the endianness of the system. Fixes #2622. --- library/bignum.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 98ee12a71..b5e022ac7 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -742,10 +742,15 @@ cleanup: static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x ) { uint8_t i; + unsigned char *x_ptr; mbedtls_mpi_uint tmp = 0; - /* This works regardless of the endianness. */ - for( i = 0; i < ciL; i++, x >>= 8 ) - tmp |= ( x & 0xFF ) << ( ( ciL - 1 - i ) << 3 ); + + for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ ) + { + tmp <<= CHAR_BIT; + tmp |= (mbedtls_mpi_uint) *x_ptr; + } + return( tmp ); } From 5f9aa2be7d20cc8248b3d8e115213ffe2e6ea638 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 2 May 2019 09:33:56 +0100 Subject: [PATCH 2/2] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 58ff14734..e429caf8e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,9 @@ Bugfix for the parameter. * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl sni entry parameter. Reported by inestlerode in #560. + * Fix bug in endianness conversion in bignum module. This lead to + functionally incorrect code on bigendian systems which don't have + __BYTE_ORDER__ defined. Reported by Brendan Shanks. Fixes #2622. Changes * Server's RSA certificate in certs.c was SHA-1 signed. In the default