From 865c8996816945cfdc1aeab7921e85534c9ae223 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 4 Oct 2016 12:06:50 +0100 Subject: [PATCH 1/7] Fix typo in docs for mbedtls_x509write_csr_der() --- include/mbedtls/x509_csr.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 34998a3a5..65187f38b 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -276,7 +276,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * * \note f_rng may be NULL if RSA is used for signature and the * signature is made offline (otherwise f_rng is desirable - * for couermeasures against timing attacks). + * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, From fbd1cd9d57075ee22c60aa03efe4b9e3eac0f65b Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 26 Sep 2016 09:52:41 +0100 Subject: [PATCH 2/7] Fix 1 byte overread in mbedtls_asn1_get_int() --- ChangeLog | 2 ++ library/asn1parse.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a217fa61b..4430d75e8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ Bugfix enabled unless others were also present. Found by David Fernandez. #428 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fix conditional statement that would cause a 1 byte overread in + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. diff --git a/library/asn1parse.c b/library/asn1parse.c index b37523def..36aff6ed5 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -153,7 +153,7 @@ int mbedtls_asn1_get_int( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) return( ret ); - if( len > sizeof( int ) || ( **p & 0x80 ) != 0 ) + if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); *val = 0; From d5e33f14df4a4c0bcc075c0e77a647c9a7009c24 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 16:37:59 +0100 Subject: [PATCH 3/7] Updated Changelog for fix #599 --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4430d75e8..096d6ab17 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,12 +13,12 @@ Bugfix * Fixed cert_app sample program for debug output and for use when no root certificates are provided. * Fix conditional statement that would cause a 1 byte overread in - mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 + * Fixed pthread implementation to avoid unintended double initialisations + and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. - * Fixed pthread implementation to avoid unintended double initialisations - and double frees. (found by Niklas Amnebratt) = mbed TLS 2.1.5 branch released 2016-06-28 From 6c05208f9663c85bae3fb76204fd74432e1e5948 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 26 Sep 2016 10:09:30 +0100 Subject: [PATCH 4/7] Fix documentation for mbedtls_gcm_finish() Fix implementation and documentation missmatch for the function arguments to mbedtls_gcm_finish(). Also, removed redundant if condition that always evaluates to true. --- ChangeLog | 2 ++ include/mbedtls/gcm.h | 4 ++-- library/gcm.c | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 096d6ab17..420f285d4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,8 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. + * Fix documentation and implementation missmatch for function arguments of + mbedtls_gcm_finish(). Found by cmiatpaar. = mbed TLS 2.1.5 branch released 2016-06-28 diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 6743ac9a5..1b77aaedd 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -190,8 +190,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * 16 bytes. * * \param ctx GCM context - * \param tag buffer for holding the tag (may be NULL if tag_len is 0) - * \param tag_len length of the tag to generate + * \param tag buffer for holding the tag + * \param tag_len length of the tag to generate (must be at least 4) * * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT */ diff --git a/library/gcm.c b/library/gcm.c index aaacf97d6..f1210c52c 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -415,8 +415,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, if( tag_len > 16 || tag_len < 4 ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); - if( tag_len != 0 ) - memcpy( tag, ctx->base_ectr, tag_len ); + memcpy( tag, ctx->base_ectr, tag_len ); if( orig_len || orig_add_len ) { From 6f066a8636537da39382cdae1416416bce363674 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 19:47:29 +0100 Subject: [PATCH 5/7] Clarified Changelog for fix #602 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 420f285d4..527068598 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,7 +20,7 @@ Bugfix builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of - mbedtls_gcm_finish(). Found by cmiatpaar. + mbedtls_gcm_finish(). Found by cmiatpaar. #602 = mbed TLS 2.1.5 branch released 2016-06-28 From 95b303648c5ce206b56d6c94acdd84a4def0c5a9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 21 Sep 2016 13:18:12 +0100 Subject: [PATCH 6/7] Restore P>Q in RSA key generation (#558) The PKCS#1 standard says nothing about the relation between P and Q but many libraries guarantee P>Q and mbed TLS did so too in earlier versions. This commit restores this behaviour. --- ChangeLog | 1 + library/rsa.c | 18 ++++++++---------- tests/suites/test_suite_rsa.data | 2 +- tests/suites/test_suite_rsa.function | 1 + 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 527068598..36dc90e9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ Bugfix by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 + * Guarantee that P>Q at RSA key generation. #558 = mbed TLS 2.1.5 branch released 2016-06-28 diff --git a/library/rsa.c b/library/rsa.c index 119431d8f..76e35dea3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -96,7 +96,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); + if( nbits % 2 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); /* @@ -110,16 +113,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, f_rng, p_rng ) ); - if( nbits % 2 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, - f_rng, p_rng ) ); - } if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; @@ -128,6 +123,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) continue; + if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) + mbedtls_mpi_swap( &ctx->P, &ctx->Q ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index d522332a2..af168805f 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -361,7 +361,7 @@ RSA Generate Key - 2048 bit key mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key -mbedtls_rsa_gen_key:1025:3:0 +mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 59cbb5c97..b1bc19ea7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -678,6 +678,7 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) if( result == 0 ) { TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 ); } exit: From 759b5a128628ae0cb29bbdd6b25ce048ce345f12 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 00:14:37 +0100 Subject: [PATCH 7/7] Added credit to Changelog for fix #558 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 36dc90e9d..d28d2c7b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,7 +21,7 @@ Bugfix by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 - * Guarantee that P>Q at RSA key generation. #558 + * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 = mbed TLS 2.1.5 branch released 2016-06-28