mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 01:15:36 +00:00
Merge pull request #4100 from d-otte/mbedtls-2.16
Backport 2.16: wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE
This commit is contained in:
commit
fee234afcd
7
ChangeLog.d/issue4093.txt
Normal file
7
ChangeLog.d/issue4093.txt
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
Security
|
||||||
|
* Fix an errorneous estimation for an internal buffer in
|
||||||
|
mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
|
||||||
|
value the function might fail to write a private RSA keys of the largest
|
||||||
|
supported size.
|
||||||
|
Found by Daniel Otte, reported in #4093 and fixed in #4094,
|
||||||
|
backported in #4100.
|
|
@ -455,7 +455,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
||||||
* publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
|
* publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1
|
||||||
* }
|
* }
|
||||||
*/
|
*/
|
||||||
#define RSA_PUB_DER_MAX_BYTES 38 + 2 * MBEDTLS_MPI_MAX_SIZE
|
#define RSA_PUB_DER_MAX_BYTES ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RSA private keys:
|
* RSA private keys:
|
||||||
|
@ -472,10 +472,10 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
||||||
* otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
|
* otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported)
|
||||||
* }
|
* }
|
||||||
*/
|
*/
|
||||||
#define MPI_MAX_SIZE_2 MBEDTLS_MPI_MAX_SIZE / 2 + \
|
#define MPI_MAX_SIZE_2 ( MBEDTLS_MPI_MAX_SIZE / 2 + \
|
||||||
MBEDTLS_MPI_MAX_SIZE % 2
|
MBEDTLS_MPI_MAX_SIZE % 2 )
|
||||||
#define RSA_PRV_DER_MAX_BYTES 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
|
#define RSA_PRV_DER_MAX_BYTES ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
|
||||||
+ 5 * MPI_MAX_SIZE_2
|
+ 5 * MPI_MAX_SIZE_2 )
|
||||||
|
|
||||||
#else /* MBEDTLS_RSA_C */
|
#else /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
|
@ -496,7 +496,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
||||||
* + 2 * ECP_MAX (coords) [1]
|
* + 2 * ECP_MAX (coords) [1]
|
||||||
* }
|
* }
|
||||||
*/
|
*/
|
||||||
#define ECP_PUB_DER_MAX_BYTES 30 + 2 * MBEDTLS_ECP_MAX_BYTES
|
#define ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* EC private keys:
|
* EC private keys:
|
||||||
|
@ -507,7 +507,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
||||||
* publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
|
* publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
|
||||||
* }
|
* }
|
||||||
*/
|
*/
|
||||||
#define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES
|
#define ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
|
||||||
|
|
||||||
#else /* MBEDTLS_ECP_C */
|
#else /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
|
@ -516,10 +516,10 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
|
||||||
|
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
#define PUB_DER_MAX_BYTES RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
|
#define PUB_DER_MAX_BYTES ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
|
||||||
RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES
|
RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES )
|
||||||
#define PRV_DER_MAX_BYTES RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
|
#define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
|
||||||
RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES
|
RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
|
||||||
|
|
||||||
int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
|
int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue