TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e893b669de5ad68745f4c7f038e6375c41fd9fca^! / .
commite893b669de5ad68745f4c7f038e6375c41fd9fca[log] [tgz]
authorPaul Bakker <p.j.bakker@polarssl.org>Thu Apr 26 19:30:20 2012 +0000
committerPaul Bakker <p.j.bakker@polarssl.org>Thu Apr 26 19:30:20 2012 +0000
tree40d954a879a3189347afdc91cad41cb4685278c2
parent145e68119b5c296f386d8346ecd51700196e955b [diff]
 - Updated polarssl-1.1 branch with merged trunk patches


diff --git a/ChangeLog b/ChangeLog
index 0c2b401..bb475e3 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,6 +1,6 @@
 PolarSSL ChangeLog
 
-= Version 1.1.2 released on 2012-04-20
+= Version 1.1.2 released on 2012-04-26
 Bugfix
    * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
      Hui Dong)

diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index 52b0bf9..0c8dd55 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h

@@ -36,7 +36,7 @@
 #define POLARSSL_ERR_DHM_READ_PARAMS_FAILED                -0x3100  /**< Reading of the DHM parameters failed. */
 #define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */
 #define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */
-#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Makeing of the public value failed. */
+#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */
 #define POLARSSL_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */
 
 /**
@@ -109,7 +109,7 @@
  * \brief          Create own private value X and export G^X
  *
  * \param ctx      DHM context
- * \param x_size   private value size in bits
+ * \param x_size   private value size in bytes
  * \param output   destination buffer
  * \param olen     must be equal to ctx->P.len
  * \param f_rng    RNG function

diff --git a/library/cipher.c b/library/cipher.c
index 485a09b..0e1224c 100644
--- a/library/cipher.c
+++ b/library/cipher.c

@@ -245,7 +245,7 @@
     if( NULL == cipher_info || NULL == ctx )
         return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
 
-    memset( ctx, 0, sizeof( ctx ) );
+    memset( ctx, 0, sizeof( cipher_context_t ) );
 
     if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
         return POLARSSL_ERR_CIPHER_ALLOC_FAILED;

diff --git a/library/dhm.c b/library/dhm.c
index eb77871..e399f42 100644
--- a/library/dhm.c
+++ b/library/dhm.c

@@ -61,15 +61,15 @@
 }
 
 /*
- * Verify sanity of public parameter with regards to P
+ * Verify sanity of parameter with regards to P
  *
- * Public parameter should be: 2 <= public_param <= P - 2
+ * Parameter should be: 2 <= public_param <= P - 2
  *
  * For more information on the attack, see:
  *  http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
  *  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
  */
-static int dhm_check_range( const mpi *public_param, const mpi *P )
+static int dhm_check_range( const mpi *param, const mpi *P )
 {
     mpi L, U;
     int ret = POLARSSL_ERR_DHM_BAD_INPUT_DATA;
@@ -78,8 +78,8 @@
     mpi_lset( &L, 2 );
     mpi_sub_int( &U, P, 2 );
 
-    if( mpi_cmp_mpi( public_param, &L ) >= 0 &&
-        mpi_cmp_mpi( public_param, &U ) <= 0 )
+    if( mpi_cmp_mpi( param, &L ) >= 0 &&
+        mpi_cmp_mpi( param, &U ) <= 0 )
     {
         ret = 0;
     }
@@ -130,17 +130,24 @@
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng )
 {
-    int ret;
+    int ret, count = 0;
     size_t n1, n2, n3;
     unsigned char *p;
 
     /*
      * Generate X as large as possible ( < P )
      */
-    mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
+    do
+    {
+        mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
 
-    while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
-           mpi_shift_r( &ctx->X, 1 );
+        while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
+            mpi_shift_r( &ctx->X, 1 );
+
+        if( count++ > 10 )
+            return( POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED );
+    }
+    while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
 
     /*
      * Calculate GX = G^X mod P
@@ -205,7 +212,7 @@
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng )
 {
-    int ret;
+    int ret, count = 0;
 
     if( ctx == NULL || olen < 1 || olen > ctx->len )
         return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
@@ -213,10 +220,17 @@
     /*
      * generate X and calculate GX = G^X mod P
      */
-    mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
+    do
+    {
+        mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
 
-    while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
-           mpi_shift_r( &ctx->X, 1 );
+        while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
+            mpi_shift_r( &ctx->X, 1 );
+
+        if( count++ > 10 )
+            return( POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED );
+    }
+    while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
 
     MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
                           &ctx->P , &ctx->RP ) );

diff --git a/library/md.c b/library/md.c
index d15bf1d..96065c9 100644
--- a/library/md.c
+++ b/library/md.c

@@ -152,11 +152,10 @@
 
 int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
 {
-    if( md_info == NULL )
+    if( md_info == NULL || ctx == NULL )
         return POLARSSL_ERR_MD_BAD_INPUT_DATA;
 
-    if( ctx == NULL || ctx->md_ctx != NULL )
-        return POLARSSL_ERR_MD_BAD_INPUT_DATA;
+    memset( ctx, 0, sizeof( md_context_t ) );
 
     if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
         return POLARSSL_ERR_MD_ALLOC_FAILED;