yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #2920 from gilles-peskine-arm/pk_signature_max_size-tls

Browse source 
Use MBEDTLS_PK_SIGNATURE_MAX_SIZE
This commit is contained in:
Gilles Peskine 2019-11-14 10:22:32 +01:00 committed by GitHub
commit b9b5f493d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 5 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
crypto

@ -1 +1 @@
Subproject commit 3cdb3da3a0c1631e14434a219dfa787513a915a7
Subproject commit 0b3dd8d0249adb54abc7ad46303f3c22e44aefb7

12
library/x509write_crt.c
View file

@ -45,16 +45,6 @@
#include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */
/*
* For the currently used signature algorithms the buffer to store any signature
* must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
*/
#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#else
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
@ -347,7 +337,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
unsigned char sig[SIGNATURE_MAX_SIZE];
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;

12
library/x509write_csr.c
View file

@ -49,16 +49,6 @@
#include "mbedtls/pem.h"
#endif
/*
* For the currently used signature algorithms the buffer to store any signature
* must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
*/
#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#else
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
@ -148,7 +138,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
unsigned char sig[SIGNATURE_MAX_SIZE];
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;

13
programs/pkey/pk_sign.c
View file

@ -60,17 +60,6 @@ int main( void )
#include <stdio.h>
#include <string.h>
/*
* For the currently used signature algorithms the buffer to store any signature
* must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
*/
#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#else
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
int main( int argc, char *argv[] )
{
FILE *f;
@ -80,7 +69,7 @@ int main( int argc, char *argv[] )
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[32];
unsigned char buf[SIGNATURE_MAX_SIZE];
unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
char filename[512];
const char *pers = "mbedtls_pk_sign";
size_t olen = 0;

2
programs/pkey/pk_verify.c
View file

@ -65,7 +65,7 @@ int main( int argc, char *argv[] )
size_t i;
mbedtls_pk_context pk;
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
char filename[512];
mbedtls_pk_init( &pk );

17
tests/scripts/all.sh
View file

@ -649,23 +649,6 @@ component_check_doxygen_warnings () {
#### Build and test many configurations and targets
################################################################
component_test_large_ecdsa_key_signature () {
SMALL_MPI_MAX_SIZE=136 # Small enough to interfere with the EC signatures
msg "build: cmake + MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE}, gcc, ASan" # ~ 1 min 50s
scripts/config.py set MBEDTLS_MPI_MAX_SIZE $SMALL_MPI_MAX_SIZE
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
INEVITABLY_PRESENT_FILE=Makefile
SIGNATURE_FILE="${INEVITABLY_PRESENT_FILE}.sig" # Warning, this is rm -f'ed below
msg "test: pk_sign secp521r1_prv.der for MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE} (ASan build)" # ~ 5s
if_build_succeeded programs/pkey/pk_sign tests/data_files/secp521r1_prv.der $INEVITABLY_PRESENT_FILE
rm -f $SIGNATURE_FILE
}
component_test_default_out_of_box () {
msg "build: make, default config (out-of-box)" # ~1min
make