DHM: add notes about leading zeros
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent
a16001e2d9
commit
104eb82ec1
|
@ -223,7 +223,8 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
|||
goto cleanup;
|
||||
|
||||
/*
|
||||
* export P, G, GX
|
||||
* Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
|
||||
* not required". We omit leading zeros for compactness.
|
||||
*/
|
||||
#define DHM_MPI_EXPORT( X, n ) \
|
||||
do { \
|
||||
|
@ -436,8 +437,9 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
|
||||
}
|
||||
|
||||
/* Output the secret without any leading zero byte. This is mandatory
|
||||
* for TLS per RFC 5246 §8.1.2. */
|
||||
*olen = mbedtls_mpi_size( &ctx->K );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
|
||||
|
||||
cleanup:
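Review bot: The comment added above `*olen = mbedtls_mpi_size( &ctx->K );` says the leading zeros are stripped, but not that this makes `*olen` depend on the value of the shared secret. The output length therefore reveals whether the top bytes of K were zero, which matters to any caller that handles the result in a length-dependent way. I would extend the comment with something like `* Note that *olen therefore depends on the secret value; callers that need a fixed-width encoding must left-pad the output to the size of P themselves.` The body of mbedtls_dhm_calc_secret starts and ends outside this hunk, so whether `output` is checked against the buffer size before the write cannot be confirmed from here.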
|
||||
|
|
|
@ -16,6 +16,8 @@ static int check_dhm_param_output( const mbedtls_mpi *expected,
|
|||
TEST_ASSERT( size >= *offset + 2 );
|
||||
n = ( buffer[*offset] << 8 ) | buffer[*offset + 1];
|
||||
*offset += 2;
|
||||
/* The DHM param output from Mbed TLS has leading zeros stripped, as
|
||||
* permitted but not required by RFC 5246 \S4.4. */
|
||||
TEST_EQUAL( n, mbedtls_mpi_size( expected ) );
|
||||
TEST_ASSERT( size >= *offset + n );
|
||||
TEST_EQUAL( 0, mbedtls_mpi_read_binary( &actual, buffer + *offset, n ) );
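Review bot: The section reference in the new test comment is spelled `\S4.4`, while the library comments added by the same commit spell it `§4.4`, so a search for the RFC section will not find both. One ASCII spelling in both places would fix that and keep the sources free of non-ASCII bytes, for example `* permitted but not required by RFC 5246 section 4.4. */`. The comment could also say that `TEST_EQUAL( n, mbedtls_mpi_size( expected ) )` deliberately pins the stripped-length encoding, so a future change to padded output fails here on purpose. check_dhm_param_output continues outside the hunk.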
|
||||
|
|