mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 19:24:20 +01:00
Merge remote-tracking branch 'upstream-restricted/pr/406' into mbedtls-2.1-restricted
This commit is contained in:
commit
9aab6995a9
@ -23,6 +23,8 @@ Security
|
|||||||
Changes were introduced in multiple places in the library.
|
Changes were introduced in multiple places in the library.
|
||||||
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
|
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
|
||||||
being leaked to memory after release.
|
being leaked to memory after release.
|
||||||
|
* Fix dhm_check_range() failing to detect trivial subgroups and potentially
|
||||||
|
leaking 1 bit of the private key. Reported by prashantkspatil.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
|
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
|
||||||
|
@ -90,6 +90,9 @@ static int dhm_read_bignum( mbedtls_mpi *X,
|
|||||||
*
|
*
|
||||||
* Parameter should be: 2 <= public_param <= P - 2
|
* Parameter should be: 2 <= public_param <= P - 2
|
||||||
*
|
*
|
||||||
|
* This means that we need to return an error if
|
||||||
|
* public_param < 2 or public_param > P-2
|
||||||
|
*
|
||||||
* For more information on the attack, see:
|
* For more information on the attack, see:
|
||||||
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
|
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
|
||||||
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
|
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
|
||||||
@ -97,17 +100,17 @@ static int dhm_read_bignum( mbedtls_mpi *X,
|
|||||||
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
|
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
|
||||||
{
|
{
|
||||||
mbedtls_mpi L, U;
|
mbedtls_mpi L, U;
|
||||||
int ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
|
int ret = 0;
|
||||||
|
|
||||||
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
|
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
|
||||||
|
|
||||||
if( mbedtls_mpi_cmp_mpi( param, &L ) >= 0 &&
|
if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
|
||||||
mbedtls_mpi_cmp_mpi( param, &U ) <= 0 )
|
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
|
||||||
{
|
{
|
||||||
ret = 0;
|
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
|
@ -1,11 +1,23 @@
|
|||||||
Diffie-Hellman full exchange #1
|
Diffie-Hellman full exchange #1
|
||||||
dhm_do_dhm:10:"23":10:"5"
|
dhm_do_dhm:10:"23":10:"5":0
|
||||||
|
|
||||||
Diffie-Hellman full exchange #2
|
Diffie-Hellman full exchange #2
|
||||||
dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
|
dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622":0
|
||||||
|
|
||||||
Diffie-Hellman full exchange #3
|
Diffie-Hellman full exchange #3
|
||||||
dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271"
|
dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271":0
|
||||||
|
|
||||||
|
Diffie-Hellman trivial subgroup #1
|
||||||
|
dhm_do_dhm:10:"23":10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
Diffie-Hellman trivial subgroup #2
|
||||||
|
dhm_do_dhm:10:"23":10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
|
||||||
|
|
||||||
|
Diffie-Hellman small modulus
|
||||||
|
dhm_do_dhm:10:"3":10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
|
||||||
|
|
||||||
|
Diffie-Hellman zero modulus
|
||||||
|
dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
|
||||||
|
|
||||||
Diffie-Hallman load parameters from file
|
Diffie-Hallman load parameters from file
|
||||||
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
|
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void dhm_do_dhm( int radix_P, char *input_P,
|
void dhm_do_dhm( int radix_P, char *input_P,
|
||||||
int radix_G, char *input_G )
|
int radix_G, char *input_G, int result )
|
||||||
{
|
{
|
||||||
mbedtls_dhm_context ctx_srv;
|
mbedtls_dhm_context ctx_srv;
|
||||||
mbedtls_dhm_context ctx_cli;
|
mbedtls_dhm_context ctx_cli;
|
||||||
@ -44,7 +44,10 @@ void dhm_do_dhm( int radix_P, char *input_P,
|
|||||||
/*
|
/*
|
||||||
* First key exchange
|
* First key exchange
|
||||||
*/
|
*/
|
||||||
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == result );
|
||||||
|
if ( result != 0 )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
ske[ske_len++] = 0;
|
ske[ske_len++] = 0;
|
||||||
ske[ske_len++] = 0;
|
ske[ske_len++] = 0;
|
||||||
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
|
||||||
|
Loading…
Reference in New Issue
Block a user