- Updated polarssl-1.1 branch with merged trunk patches

This commit is contained in:
Paul Bakker 2012-04-26 19:30:20 +00:00
parent 145e68119b
commit e893b669de
5 changed files with 33 additions and 20 deletions

View File

@ -1,6 +1,6 @@
PolarSSL ChangeLog
= Version 1.1.2 released on 2012-04-20
= Version 1.1.2 released on 2012-04-26
Bugfix
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
Hui Dong)

View File

@ -36,7 +36,7 @@
#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Reading of the DHM parameters failed. */
#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Making of the DHM parameters failed. */
#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Reading of the public values failed. */
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Makeing of the public value failed. */
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */
#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */
/**
@ -109,7 +109,7 @@ int dhm_read_public( dhm_context *ctx,
* \brief Create own private value X and export G^X
*
* \param ctx DHM context
* \param x_size private value size in bits
* \param x_size private value size in bytes
* \param output destination buffer
* \param olen must be equal to ctx->P.len
* \param f_rng RNG function

View File

@ -245,7 +245,7 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
if( NULL == cipher_info || NULL == ctx )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
memset( ctx, 0, sizeof( ctx ) );
memset( ctx, 0, sizeof( cipher_context_t ) );
if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
return POLARSSL_ERR_CIPHER_ALLOC_FAILED;

View File

@ -61,15 +61,15 @@ static int dhm_read_bignum( mpi *X,
}
/*
* Verify sanity of public parameter with regards to P
* Verify sanity of parameter with regards to P
*
* Public parameter should be: 2 <= public_param <= P - 2
* Parameter should be: 2 <= public_param <= P - 2
*
* For more information on the attack, see:
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
*/
static int dhm_check_range( const mpi *public_param, const mpi *P )
static int dhm_check_range( const mpi *param, const mpi *P )
{
mpi L, U;
int ret = POLARSSL_ERR_DHM_BAD_INPUT_DATA;
@ -78,8 +78,8 @@ static int dhm_check_range( const mpi *public_param, const mpi *P )
mpi_lset( &L, 2 );
mpi_sub_int( &U, P, 2 );
if( mpi_cmp_mpi( public_param, &L ) >= 0 &&
mpi_cmp_mpi( public_param, &U ) <= 0 )
if( mpi_cmp_mpi( param, &L ) >= 0 &&
mpi_cmp_mpi( param, &U ) <= 0 )
{
ret = 0;
}
@ -130,18 +130,25 @@ int dhm_make_params( dhm_context *ctx, int x_size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret, count = 0;
size_t n1, n2, n3;
unsigned char *p;
/*
* Generate X as large as possible ( < P )
*/
do
{
mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
mpi_shift_r( &ctx->X, 1 );
if( count++ > 10 )
return( POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED );
}
while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
/*
* Calculate GX = G^X mod P
*/
@ -205,7 +212,7 @@ int dhm_make_public( dhm_context *ctx, int x_size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
int ret, count = 0;
if( ctx == NULL || olen < 1 || olen > ctx->len )
return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
@ -213,11 +220,18 @@ int dhm_make_public( dhm_context *ctx, int x_size,
/*
* generate X and calculate GX = G^X mod P
*/
do
{
mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
mpi_shift_r( &ctx->X, 1 );
if( count++ > 10 )
return( POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED );
}
while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
&ctx->P , &ctx->RP ) );

View File

@ -152,11 +152,10 @@ const md_info_t *md_info_from_type( md_type_t md_type )
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
{
if( md_info == NULL )
if( md_info == NULL || ctx == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
if( ctx == NULL || ctx->md_ctx != NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
memset( ctx, 0, sizeof( md_context_t ) );
if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
return POLARSSL_ERR_MD_ALLOC_FAILED;