-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE #4094
Conversation
…MAX_SIZE is odd. if MBEDTLS_MPI_MAX_SIZE is odd then RSA_PRV_DER_MAX_BYTES will be two less than expected, since the macros are lacking parentheses. Signed-off-by: Daniel Otte <d.otte@wut.de>
…ble mistakes in usage. Signed-off-by: Daniel Otte <d.otte@wut.de>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @d-otte, thanks for the well written bug report and subsequent PR. I'm generally happy with this PR apart from a few minor house-keeping points shown below.
Also as you mentioned in your issue, this bug exists in the 2.16 branch as well as the 2.7 branch. Could you please provide backports for both of these branches along with the changelog entry (mentioned below).
Signed-off-by: Daniel Otte <d.otte@wut.de>
Thanks for adding the changelog @d-otte! Unfortunately it now seems to be failing CI (trailing whitespace and missing newline in the changelog). Could you please fix these errors and also rename the changelog entry to "Security" as opposed to "Bugfix" as I think this constitutes a security risk due to the potential buffer overflow. Sorry if my earlier wording was not clear on this. |
Signed-off-by: Daniel Otte <d.otte@wut.de>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy with this now, thanks for making the changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
@d-otte Thank you for your contribution!
This is the PR for issue #4093
Description
It adds parenthesis to fix the computation of
RSA_PRV_DER_MAX_BYTES
and also adds parenthesis to other macros to make them safer to use.