Merge branch 'mbedtls-2.1'
diff --git a/ChangeLog b/ChangeLog
index e85af2e..ac0e32a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,11 +22,16 @@
enabled unless others were also present. Found by David Fernandez. #428
* Fixed cert_app sample program for debug output and for use when no root
certificates are provided.
+ * Fix conditional statement that would cause a 1 byte overread in
+ mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
+ * Fixed pthread implementation to avoid unintended double initialisations
+ and double frees. (found by Niklas Amnebratt)
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
by inestlerode. #559.
- * Fixed pthread implementation to avoid unintended double initialisations
- and double frees. (found by Niklas Amnebratt)
+ * Fix documentation and implementation missmatch for function arguments of
+ mbedtls_gcm_finish(). Found by cmiatpaar. #602
+ * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
= mbed TLS 2.1.5 branch released 2016-06-28
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 6743ac9..1b77aae 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -190,8 +190,8 @@
* 16 bytes.
*
* \param ctx GCM context
- * \param tag buffer for holding the tag (may be NULL if tag_len is 0)
- * \param tag_len length of the tag to generate
+ * \param tag buffer for holding the tag
+ * \param tag_len length of the tag to generate (must be at least 4)
*
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
*/
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 34998a3..65187f3 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -276,7 +276,7 @@
*
* \note f_rng may be NULL if RSA is used for signature and the
* signature is made offline (otherwise f_rng is desirable
- * for couermeasures against timing attacks).
+ * for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/
int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
diff --git a/library/asn1parse.c b/library/asn1parse.c
index b37523d..36aff6e 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -153,7 +153,7 @@
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( ret );
- if( len > sizeof( int ) || ( **p & 0x80 ) != 0 )
+ if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
*val = 0;
diff --git a/library/gcm.c b/library/gcm.c
index aaacf97..f1210c5 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -415,8 +415,7 @@
if( tag_len > 16 || tag_len < 4 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
- if( tag_len != 0 )
- memcpy( tag, ctx->base_ectr, tag_len );
+ memcpy( tag, ctx->base_ectr, tag_len );
if( orig_len || orig_add_len )
{
diff --git a/library/rsa.c b/library/rsa.c
index 119431d..76e35de 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -96,7 +96,10 @@
if( f_rng == NULL || nbits < 128 || exponent < 3 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
+ if( nbits % 2 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
/*
@@ -110,16 +113,8 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
f_rng, p_rng ) );
- if( nbits % 2 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0,
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
f_rng, p_rng ) );
- }
- else
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
- f_rng, p_rng ) );
- }
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
continue;
@@ -128,6 +123,9 @@
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
continue;
+ if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
+ mbedtls_mpi_swap( &ctx->P, &ctx->Q );
+
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index d522332..af16880 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -361,7 +361,7 @@
mbedtls_rsa_gen_key:2048:3:0
RSA Generate Key - 1025 bit key
-mbedtls_rsa_gen_key:1025:3:0
+mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSA PKCS1 Encrypt Bad RNG
depends_on:MBEDTLS_PKCS1_V15
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 59cbb5c..b1bc19e 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -678,6 +678,7 @@
if( result == 0 )
{
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
}
exit: