From fc17c88e80d2946cc48d6bbd91432cdcb45dbc92 Mon Sep 17 00:00:00 2001
From: Rob Swindell
Date: Wed, 27 Sep 2017 17:12:19 -0700
Subject: [PATCH 01/17] Update rsa_import.c

Bug-fix: MAX_RSA_SIZE is the maximum RSA key size in *bits* (as commented in tomcrypt_custom.h), so the proper conversion to bytes (as the argument value to XCALLOC) would be to divide by 8 (bits per byte), not multiply by 8. This excessive allocation (32 Kbytes instead of 512 bytes) is readily apparent in memory-constrained environments.
---
 src/pk/rsa/rsa_import.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pk/rsa/rsa_import.c b/src/pk/rsa/rsa_import.c
index 7140a7383..4602904f2 100644
--- a/src/pk/rsa/rsa_import.c
+++ b/src/pk/rsa/rsa_import.c
@@ -40,7 +40,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
    }
 
    /* see if the OpenSSL DER format RSA public key will work */
-   tmpbuf_len = MAX_RSA_SIZE * 8;
+   tmpbuf_len = MAX_RSA_SIZE / 8;
    tmpbuf = XCALLOC(1, tmpbuf_len);
    if (tmpbuf == NULL) {
       err = CRYPT_MEM;
From 04975a84a7fa0bdc610e77affc4cdf32a3a7daac Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Fri, 29 Sep 2017 10:02:23 +0200
Subject: [PATCH 02/17] print info when doing a debug build

---
 makefile_include.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefile_include.mk b/makefile_include.mk
index 762c69500..03a8ccf2e 100644
--- a/makefile_include.mk
+++ b/makefile_include.mk
@@ -76,6 +76,7 @@ endif
 LTC_CFLAGS += -Wno-type-limits
 
 ifdef LTC_DEBUG
+$(info Debug build)
 # compile for DEBUGGING (required for ccmalloc checking!!!)
 LTC_CFLAGS += -g3 -DLTC_NO_ASM
 ifneq (,$(strip $(LTC_DEBUG)))
From 2b8d83ff93da0764f19f494de0a8211515428cef Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Fri, 29 Sep 2017 10:12:52 +0200
Subject: [PATCH 03/17] fix bit-length check in der_decode_raw_bit_string()

---
 src/pk/asn1/der/bit/der_decode_raw_bit_string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
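Review bot: `tmpbuf_len = MAX_RSA_SIZE / 8` sizes tmpbuf for a single modulus, but the comment above it says the buffer receives the OpenSSL DER public key, which carries the modulus and the exponent plus DER framing, so a key of exactly MAX_RSA_SIZE bits no longer fits and import of the largest supported keys fails where it used to succeed. The symptom is a decode error rather than a memory-safety problem, because the bit-string decoder checks `blen > *outlen` before writing (visible in patch 03 of this series). Patch 07 of this series replaces the constant with `inlen`, which is a sufficient bound since the decoded bit string is a sub-span of the input. rsa_import's body continues outside the hunk.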
diff --git a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
index 9b8bbaccd..e6a59a088 100644
--- a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
+++ b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
@@ -77,7 +77,7 @@ int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen,
    blen = ((dlen - 1) << 3) - (in[x++] & 7);
 
    /* too many bits? */
-   if (blen > *outlen) {
+   if (blen/8 > *outlen) {
       *outlen = blen;
       return CRYPT_BUFFER_OVERFLOW;
    }
From 9a6c349ac484f043c4a29c726d55acedd8b5bf82 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Fri, 29 Sep 2017 10:16:42 +0200
Subject: [PATCH 04/17] don't over-allocate that much in der_decode_subject_public_key_info()

---
 src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
index 2d865a350..1948e160b 100644
--- a/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
+++ b/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
@@ -58,7 +58,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
    }
 
    /* see if the OpenSSL DER format RSA public key will work */
-   tmpbuf = XCALLOC(1, LTC_DER_MAX_PUBKEY_SIZE*8);
+   tmpbuf = XCALLOC(1, inlen);
    if (tmpbuf == NULL) {
       err = CRYPT_MEM;
       goto LBL_ERR;
@@ -72,7 +72,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
     * in a **BIT** string ... so we have to extract it then proceed to convert bit to octet
     */
    LTC_SET_ASN1(subject_pubkey, 0, LTC_ASN1_SEQUENCE, alg_id, 2);
-   LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, LTC_DER_MAX_PUBKEY_SIZE*8);
+   LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, inlen);
 
    err=der_decode_sequence(in, inlen, subject_pubkey, 2UL);
    if (err != CRYPT_OK) {
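Review bot: `blen/8 > *outlen` truncates the remainder bits, so when blen is not a multiple of 8 the store loop (`SETBIT(out[y/8], …)` for every `y < blen`, visible in patch 10 of this series) writes `out[blen/8]`, one byte past a buffer of exactly `blen/8` bytes; if `*outlen` is meant to be a byte count the check has to round up, `if ((blen + 7)/8 > *outlen) {`. The overflow branch one line below still reports `*outlen = blen` in bits, so this commit leaves the two sides of the check in different units. Patch 11 of this series adds the rounding, and patches 14 and 15 then revert both changes, returning `*outlen` to bits throughout. The rest of der_decode_raw_bit_string lies outside the hunk.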
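Review bot: The first hunk allocates `inlen` bytes for tmpbuf while the second hunk declares the LTC_ASN1_RAW_BIT_STRING length as `inlen`, and the encoder side treats that length as a bit count (`public_key_len*8U` in patch 13 of this series), so only `inlen/8` bytes of the buffer are usable and a public key longer than that is rejected with CRYPT_BUFFER_OVERFLOW instead of decoded. Patch 16 of this series changes the length to `inlen*8U`; until then the two hunks agree only while der_decode_raw_bit_string compares in bytes (patch 03), which patch 15 reverts. A comment on the LTC_SET_ASN1 line stating the unit, e.g. `/* length is in bits for a RAW_BIT_STRING */`, would have made the mismatch visible at review time. der_decode_subject_public_key_info's body continues outside both hunks.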
From 53e93f0f51ebe1627658bf8859f6722618ee05dc Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Fri, 29 Sep 2017 17:56:37 +0200
Subject: [PATCH 05/17] fixup #290

---
 tests/der_test.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/der_test.c b/tests/der_test.c
index 9b21b2614..9fa942e2c 100644
--- a/tests/der_test.c
+++ b/tests/der_test.c
@@ -239,8 +239,8 @@ SEQUENCE(3 elem)
 static void _der_tests_print_flexi(ltc_asn1_list* l, unsigned int level)
 {
   char buf[1024];
-  char* name = NULL;
-  char* text = NULL;
+  const char* name = NULL;
+  const char* text = NULL;
   ltc_asn1_list* ostring = NULL;
   unsigned int n;
 
From a26e9eca270809f438e846b1d9ff9ba322da62ca Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Fri, 29 Sep 2017 17:58:42 +0200
Subject: [PATCH 06/17] add tests for MAX_RSA_SIZE sized openssl-standard RSA keys

---
 tests/rsa_test.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/tests/rsa_test.c b/tests/rsa_test.c
index 241732970..79f49ca58 100644
--- a/tests/rsa_test.c
+++ b/tests/rsa_test.c
@@ -285,6 +285,63 @@ static int rsa_compat_test(void)
    return 0;
 }
 
+static int _rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_key *is)
+{
+   if(should_type != is->type)
+      return CRYPT_ERROR;
+   if(should_type == PK_PRIVATE) {
+      if(mp_cmp(should->q, is->q) != LTC_MP_EQ)
+         return CRYPT_ERROR;
+      if(mp_cmp(should->p, is->p) != LTC_MP_EQ)
+         return CRYPT_ERROR;
+      if(mp_cmp(should->qP, is->qP) != LTC_MP_EQ)
+         return CRYPT_ERROR;
+      if(mp_cmp(should->dP, is->dP) != LTC_MP_EQ)
+         return CRYPT_ERROR;
+      if(mp_cmp(should->dQ, is->dQ) != LTC_MP_EQ)
+         return CRYPT_ERROR;
+      if(mp_cmp(should->d, is->d) != LTC_MP_EQ)
+         return CRYPT_ERROR;
+   }
+   if(mp_cmp(should->N, is->N) != LTC_MP_EQ)
+      return CRYPT_ERROR;
+   if(mp_cmp(should->e, is->e) != LTC_MP_EQ)
+      return CRYPT_ERROR;
+   return CRYPT_OK;
+}
+
+static int _rsa_issue_301(int prng_idx)
+{
+   rsa_key key, key_in;
+   unsigned char buf[MAX_RSA_SIZE];
+   unsigned long len;
+
+   DO(rsa_make_key(&yarrow_prng, prng_idx, MAX_RSA_SIZE/8, 65537, &key));
+
+   len = sizeof(buf);
+   DO(rsa_export(buf, &len, PK_PRIVATE, &key));
+   DO(rsa_import(buf, len, &key_in));
+
+   DO(_rsa_key_cmp(PK_PRIVATE, &key, &key_in));
+   rsa_free(&key_in);
+
+   len = sizeof(buf);
+   DO(rsa_export(buf, &len, PK_PUBLIC, &key));
+   DO(rsa_import(buf, len, &key_in));
+
+   DO(_rsa_key_cmp(PK_PUBLIC, &key, &key_in));
+   rsa_free(&key_in);
+
+   len = sizeof(buf);
+   DO(rsa_export(buf, &len, PK_PUBLIC | PK_STD, &key));
+   DO(rsa_import(buf, len, &key_in));
+
+   DO(_rsa_key_cmp(PK_PUBLIC, &key, &key_in));
+   rsa_free(&key_in);
+
+   return 0;
+}
+
 int rsa_test(void)
 {
    unsigned char in[1024], out[1024], tmp[3072];
@@ -308,6 +365,10 @@ int rsa_test(void)
       return 1;
    }
 
+   if (_rsa_issue_301(prng_idx) != 0) {
+      return 1;
+   }
+
    /* make 10 random key */
    for (cnt = 0; cnt < 10; cnt++) {
       DO(rsa_make_key(&yarrow_prng, prng_idx, 1024/8, 65537, &key));
From cdc6a99d4c61b7c12fe4f825d366d033c2c92fe3 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Fri, 29 Sep 2017 18:18:35 +0200
Subject: [PATCH 07/17] fix rsa_import() of MAX_RSA_SIZE'ed keys

The ASN1 encoded RSA key contains two MPI's therefore MAX_RSA_SIZE / 8 isn't enough.
---
 src/pk/rsa/rsa_import.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pk/rsa/rsa_import.c b/src/pk/rsa/rsa_import.c
index 4602904f2..84cd6f650 100644
--- a/src/pk/rsa/rsa_import.c
+++ b/src/pk/rsa/rsa_import.c
@@ -40,7 +40,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
    }
 
    /* see if the OpenSSL DER format RSA public key will work */
-   tmpbuf_len = MAX_RSA_SIZE / 8;
+   tmpbuf_len = inlen;
    tmpbuf = XCALLOC(1, tmpbuf_len);
    if (tmpbuf == NULL) {
       err = CRYPT_MEM;
From e72b7f37b5a91ea569be667e436c16d3c4c06750 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Fri, 29 Sep 2017 18:21:17 +0200
Subject: [PATCH 08/17] mostly remove MAX_RSA_SIZE

---
 src/headers/tomcrypt_custom.h | 11 -----------
 src/misc/crypt/crypt.c | 3 ---
 src/misc/crypt/crypt_constants.c | 3 ---
 src/pk/dsa/dsa_import.c | 2 +-
 src/pk/rsa/rsa_import_x509.c | 2 +-
 5 files changed, 2 insertions(+), 19 deletions(-)

diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
index e1de24880..66c6afc50 100644
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -438,17 +438,6 @@
 #endif
 #endif
 
-/* in cases where you want ASN.1/DER functionality, but no
- * RSA, you can define this externally if 1024 is not enough
- */
-#if defined(LTC_MRSA)
-#define LTC_DER_MAX_PUBKEY_SIZE MAX_RSA_SIZE
-#elif !defined(LTC_DER_MAX_PUBKEY_SIZE)
-/* this includes DSA */
-#define LTC_DER_MAX_PUBKEY_SIZE 1024
-#endif
-
-
 /* PKCS #1 (RSA) and #5 (Password Handling) stuff */
 #ifndef LTC_NO_PKCS
 
diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c
index 4ab62756e..8cecb32e2 100644
--- a/src/misc/crypt/crypt.c
+++ b/src/misc/crypt/crypt.c
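Review bot: `tmpbuf_len = inlen` is a sound upper bound, but nothing at the assignment says why, and the next reader will be tempted to shrink it again exactly as patch 01 of this series did; a one-line comment would close that loop, e.g. `/* the decoded key is a sub-span of the DER input, so inlen bytes always suffice */`. Sizing the allocation by the input length also keeps it bounded by data the caller already holds, so no input can make this allocation larger than itself. Patch 08 of this series applies the same `inlen` sizing to rsa_import_x509 and dsa_import, so the comment belongs at all three sites. rsa_import's body continues outside the hunk.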
@@ -399,9 +399,6 @@ const char *crypt_build_settings =
 #if defined(LTC_DER)
     " DER "
 #endif
-#if defined(LTC_DER_MAX_PUBKEY_SIZE)
-    " " NAME_VALUE(LTC_DER_MAX_PUBKEY_SIZE) " "
-#endif
 #if defined(LTC_PKCS_1)
     " PKCS#1 "
 #endif
diff --git a/src/misc/crypt/crypt_constants.c b/src/misc/crypt/crypt_constants.c
index c63d3f84b..496d25779 100644
--- a/src/misc/crypt/crypt_constants.c
+++ b/src/misc/crypt/crypt_constants.c
@@ -107,9 +107,6 @@ static const crypt_constant _crypt_constants[] = {
     {"LTC_MDSA", 0},
 #endif
 
-#ifdef LTC_DER_MAX_PUBKEY_SIZE
-    _C_STRINGIFY(LTC_DER_MAX_PUBKEY_SIZE),
-#endif
 #ifdef LTC_MILLER_RABIN_REPS
     _C_STRINGIFY(LTC_MILLER_RABIN_REPS),
 #endif
diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c
index f1f063368..e6a756027 100644
--- a/src/pk/dsa/dsa_import.c
+++ b/src/pk/dsa/dsa_import.c
@@ -90,7 +90,7 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
       key->type = PK_PRIVATE;
    } else { /* public */
       ltc_asn1_list params[3];
-      unsigned long tmpbuf_len = LTC_DER_MAX_PUBKEY_SIZE*8;
+      unsigned long tmpbuf_len = inlen;
 
       LTC_SET_ASN1(params, 0, LTC_ASN1_INTEGER, key->p, 1UL);
       LTC_SET_ASN1(params, 1, LTC_ASN1_INTEGER, key->q, 1UL);
diff --git a/src/pk/rsa/rsa_import_x509.c b/src/pk/rsa/rsa_import_x509.c
index c57d6ea8f..0f2d5f1ce 100644
--- a/src/pk/rsa/rsa_import_x509.c
+++ b/src/pk/rsa/rsa_import_x509.c
@@ -39,7 +39,7 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
       return err;
    }
 
-   tmpbuf_len = MAX_RSA_SIZE * 8;
+   tmpbuf_len = inlen;
    tmpbuf = XCALLOC(1, tmpbuf_len);
    if (tmpbuf == NULL) {
       err = CRYPT_MEM;
From 74f65f02bc9179d0ea18e02fbeb9207aada39d02 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Fri, 29 Sep 2017 18:33:00 +0200
Subject: [PATCH 09/17] update README [skip ci]

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4b254c084..e6902b5e0 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ The following list is a small part of the available, but the most often required
 | ---- | -------- |
 | `LTC_NO_TEST` | Remove all algorithm self-tests from the library |
 | `LTC_NO_FILE` | Remove all API functions requiring a pre-defined `FILE` data-type (mostly useful for embedded targets) |
-| `MAX_RSA_SIZE` | Per default set to `4096`, if you need support for importing or generating bigger RSA keys, change this at compile-time. |
+| `MAX_RSA_SIZE` | Per default set to `4096`, if you need support for generating bigger RSA keys, change this at compile-time. |
 | `GMP_DESC` | enable [gmp](https://gmplib.org/) as MPI provider *\*1* |
 | `LTM_DESC` | enable [libtommath](http://www.libtom.net/) as MPI provider *\*1* |
 | `TFM_DESC` | enable [tomsfastmath](http://www.libtom.net/) as MPI provider *\*1* *\*2* |
From 7198e8e5c10f46fa79ac80aa5109a3cdd71bbc4b Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Sat, 30 Sep 2017 01:18:30 +0200
Subject: [PATCH 10/17] also clear bits in der_decode_raw_bit_string()

---
 src/pk/asn1/der/bit/der_decode_raw_bit_string.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
index e6a59a088..41e4849f8 100644
--- a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
+++ b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
@@ -17,6 +17,7 @@
 #ifdef LTC_DER
 
 #define SETBIT(v, n) (v=((unsigned char)(v) | (1U << (unsigned char)(n))))
+#define CLRBIT(v, n) (v=((unsigned char)(v) & ~(1U << (unsigned char)(n))))
 
 /**
   Store a BIT STRING
@@ -86,6 +87,8 @@ int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen,
    for (y = 0; y < blen; y++) {
       if (in[x] & (1 << (7 - (y & 7)))) {
          SETBIT(out[y/8], 7-(y%8));
+      } else {
+         CLRBIT(out[y/8], 7-(y%8));
       }
       if ((y & 7) == 7) {
          ++x;
From 548ee347c0d3366a41e5fa28ac3c0b44b362fdb5 Mon Sep 17 00:00:00 2001
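Review bot: With the new else branch the loop defines every one of the first `blen` bits of `out`, but the unused low bits of the last byte (when `blen % 8 != 0`) and any bytes beyond `blen/8` are still left as the caller provided them, so a caller that passes a stack buffer rather than an XCALLOC'd one sees stale bits there. Either clear the trailing bits of `out[blen/8]` once after the loop, or say so in the function's header comment (outside the hunk), e.g. `Only the first blen bits of out are written; trailing bits keep their previous contents.` CLRBIT mirrors SETBIT and both evaluate `v` twice, which is harmless for the plain lvalue `out[y/8]` used here but worth keeping in mind if either macro is ever applied to an expression with side effects. The loop's enclosing function starts and ends outside the second hunk.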
From: Steffen Jaeckel
Date: Sat, 30 Sep 2017 01:27:20 +0200
Subject: [PATCH 11/17] catch case where blen%8 != 0

---
 src/pk/asn1/der/bit/der_decode_raw_bit_string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
index 41e4849f8..f40d6e190 100644
--- a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
+++ b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
@@ -78,7 +78,7 @@ int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen,
    blen = ((dlen - 1) << 3) - (in[x++] & 7);
 
    /* too many bits? */
-   if (blen/8 > *outlen) {
+   if ((blen + 7)/8 > *outlen) {
       *outlen = blen;
       return CRYPT_BUFFER_OVERFLOW;
    }
From 576f578e8548229edf8e9088b180312f4f2cfc11 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Sat, 30 Sep 2017 13:29:11 +0200
Subject: [PATCH 12/17] remove {MIN,MAX}_RSA_SIZE

---
 README.md | 1 -
 demos/demo_dynamic.py | 2 +-
 src/headers/tomcrypt_custom.h | 13 -------------
 src/misc/crypt/crypt_constants.c | 2 --
 src/pk/rsa/rsa_make_key.c | 4 ----
 tests/rsa_test.c | 4 ++--
 6 files changed, 3 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index e6902b5e0..c1fca7df5 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,6 @@ The following list is a small part of the available, but the most often required
 | ---- | -------- |
 | `LTC_NO_TEST` | Remove all algorithm self-tests from the library |
 | `LTC_NO_FILE` | Remove all API functions requiring a pre-defined `FILE` data-type (mostly useful for embedded targets) |
-| `MAX_RSA_SIZE` | Per default set to `4096`, if you need support for generating bigger RSA keys, change this at compile-time. |
 | `GMP_DESC` | enable [gmp](https://gmplib.org/) as MPI provider *\*1* |
 | `LTM_DESC` | enable [libtommath](http://www.libtom.net/) as MPI provider *\*1* |
 | `TFM_DESC` | enable [tomsfastmath](http://www.libtom.net/) as MPI provider *\*1* *\*2* |
diff --git a/demos/demo_dynamic.py b/demos/demo_dynamic.py
index dbfb10a13..a0699e46c 100644
--- a/demos/demo_dynamic.py
+++ b/demos/demo_dynamic.py
@@ -150,7 +150,7 @@ def inprint(s, indent=0):
         b'ENDIAN_LITTLE',
         b'ENDIAN_64BITWORD',
         b'PK_PUBLIC',
-        b'MAX_RSA_SIZE',
+        b'LTC_MILLER_RABIN_REPS',
         b'CTR_COUNTER_BIG_ENDIAN',
     ]
     for name in names:
diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
index 66c6afc50..923400aa6 100644
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -425,19 +425,6 @@
 #define LTC_ECC_TIMING_RESISTANT
 #endif
 
-/* define these PK sizes out of LTC_NO_PK
- * to have them always defined
- */
-#if defined(LTC_MRSA)
-/* Min and Max RSA key sizes (in bits) */
-#ifndef MIN_RSA_SIZE
-#define MIN_RSA_SIZE 1024
-#endif
-#ifndef MAX_RSA_SIZE
-#define MAX_RSA_SIZE 4096
-#endif
-#endif
-
 /* PKCS #1 (RSA) and #5 (Password Handling) stuff */
 #ifndef LTC_NO_PKCS
 
diff --git a/src/misc/crypt/crypt_constants.c b/src/misc/crypt/crypt_constants.c
index 496d25779..a7418d5ec 100644
--- a/src/misc/crypt/crypt_constants.c
+++ b/src/misc/crypt/crypt_constants.c
@@ -77,8 +77,6 @@ static const crypt_constant _crypt_constants[] = {
 
 #ifdef LTC_MRSA
     {"LTC_MRSA", 1},
-    _C_STRINGIFY(MIN_RSA_SIZE),
-    _C_STRINGIFY(MAX_RSA_SIZE),
 #else
     {"LTC_MRSA", 0},
 #endif
diff --git a/src/pk/rsa/rsa_make_key.c b/src/pk/rsa/rsa_make_key.c
index 065f733f4..8ba6ab168 100644
--- a/src/pk/rsa/rsa_make_key.c
+++ b/src/pk/rsa/rsa_make_key.c
@@ -32,10 +32,6 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key)
    LTC_ARGCHK(ltc_mp.name != NULL);
    LTC_ARGCHK(key != NULL);
 
-   if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) {
-      return CRYPT_INVALID_KEYSIZE;
-   }
-
    if ((e < 3) || ((e & 1) == 0)) {
       return CRYPT_INVALID_ARG;
    }
diff --git a/tests/rsa_test.c b/tests/rsa_test.c
index 79f49ca58..998bdda88 100644
--- a/tests/rsa_test.c
+++ b/tests/rsa_test.c
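Review bot: Deleting the `MIN_RSA_SIZE/8 … MAX_RSA_SIZE/8` range check in rsa_make_key leaves no lower bound on `size`, so a caller can now request a key of a few bytes, or pass 0 or a negative `int`, and the request proceeds toward prime generation instead of failing with CRYPT_INVALID_KEYSIZE; nothing in the hunk replaces the check, and the remaining guard only validates `e`. Keeping an unconditional minimum, `if (size < 128) { return CRYPT_INVALID_KEYSIZE; }` (128 bytes is the 1024-bit default the removed MIN_RSA_SIZE carried in the tomcrypt_custom.h hunk above), preserves the old protection against unintentionally weak keys without reintroducing the upper limit this series is removing. Whether rsa_make_key or the MPI layer rejects non-positive sizes further down is outside the hunk, and rsa_make_key's body continues past it.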
@@ -313,10 +313,10 @@ static int _rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_
 static int _rsa_issue_301(int prng_idx)
 {
    rsa_key key, key_in;
-   unsigned char buf[MAX_RSA_SIZE];
+   unsigned char buf[4096];
    unsigned long len;
 
-   DO(rsa_make_key(&yarrow_prng, prng_idx, MAX_RSA_SIZE/8, 65537, &key));
+   DO(rsa_make_key(&yarrow_prng, prng_idx, sizeof(buf)/8, 65537, &key));
 
    len = sizeof(buf);
    DO(rsa_export(buf, &len, PK_PRIVATE, &key));
From 21aa37e714a56b1e3d97dcaaa1d5c77579eb4fe1 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Sat, 30 Sep 2017 13:36:27 +0200
Subject: [PATCH 13/17] format code

---
 src/pk/asn1/der/bit/der_decode_raw_bit_string.c | 16 ++++++++--------
 src/pk/asn1/der/bit/der_encode_raw_bit_string.c | 12 ++++++------
 .../der_encode_subject_public_key_info.c | 2 +-
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
index f40d6e190..400f2405d 100644
--- a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
+++ b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
@@ -85,14 +85,14 @@ int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen,
 
    /* decode/store the bits */
    for (y = 0; y < blen; y++) {
-       if (in[x] & (1 << (7 - (y & 7)))) {
-           SETBIT(out[y/8], 7-(y%8));
-       } else {
-           CLRBIT(out[y/8], 7-(y%8));
-       }
-       if ((y & 7) == 7) {
-           ++x;
-       }
+      if (in[x] & (1 << (7 - (y & 7)))) {
+         SETBIT(out[y/8], 7-(y%8));
+      } else {
+         CLRBIT(out[y/8], 7-(y%8));
+      }
+      if ((y & 7) == 7) {
+         ++x;
+      }
    }
 
    /* we done */
diff --git a/src/pk/asn1/der/bit/der_encode_raw_bit_string.c b/src/pk/asn1/der/bit/der_encode_raw_bit_string.c
index 7e29d8cef..298c4e369 100644
--- a/src/pk/asn1/der/bit/der_encode_raw_bit_string.c
+++ b/src/pk/asn1/der/bit/der_encode_raw_bit_string.c
@@ -21,7 +21,7 @@
 /**
   Store a BIT STRING
   @param in The array of bits to store (8 per char)
-  @param inlen The number of bits tostore
+  @param inlen The number of bits to store
   @param out [out] The destination for the DER encoded BIT STRING
   @param outlen [in/out] The max size and resulting size of the DER BIT STRING
   @return CRYPT_OK if successful
@@ -68,11 +68,11 @@ int der_encode_raw_bit_string(const unsigned char *in, unsigned long inlen,
 
    /* store the bits in big endian format */
    for (y = buf = 0; y < inlen; y++) {
-       buf |= (getbit(in[y/8],7-y%8)?1:0) << (7 - (y & 7));
-       if ((y & 7) == 7) {
-           out[x++] = buf;
-           buf = 0;
-       }
+      buf |= (getbit(in[y/8],7-y%8)?1:0) << (7 - (y & 7));
+      if ((y & 7) == 7) {
+         out[x++] = buf;
+         buf = 0;
+      }
    }
    /* store last byte */
    if (inlen & 7) {
diff --git a/src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c b/src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c
index 2ce8bd1e7..dcb869a9e 100644
--- a/src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c
+++ b/src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c
@@ -58,7 +58,7 @@ int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen
 
    return der_encode_sequence_multi(out, outlen,
         LTC_ASN1_SEQUENCE, (unsigned long)sizeof(alg_id)/sizeof(alg_id[0]), alg_id,
-        LTC_ASN1_RAW_BIT_STRING, (unsigned long)(public_key_len*8), public_key,
+        LTC_ASN1_RAW_BIT_STRING, public_key_len*8U, public_key,
         LTC_ASN1_EOL, 0UL, NULL);
 }
 
From 359770b6c34661d6603da5cbc5d051b81751a92e Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Sat, 30 Sep 2017 13:36:55 +0200
Subject: [PATCH 14/17] Revert "catch case where blen%8 != 0"

This reverts commit 548ee347c0d3366a41e5fa28ac3c0b44b362fdb5.
---
 src/pk/asn1/der/bit/der_decode_raw_bit_string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
index 400f2405d..18fb82923 100644
--- a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
+++ b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
@@ -78,7 +78,7 @@ int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen,
    blen = ((dlen - 1) << 3) - (in[x++] & 7);
 
    /* too many bits? */
-   if ((blen + 7)/8 > *outlen) {
+   if (blen/8 > *outlen) {
       *outlen = blen;
       return CRYPT_BUFFER_OVERFLOW;
    }
From fb786e17fd36d580443afa37800991ada9e48be5 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Sat, 30 Sep 2017 13:37:06 +0200
Subject: [PATCH 15/17] Revert "fix bit-length check in der_decode_raw_bit_string()"

This reverts commit 2b8d83ff93da0764f19f494de0a8211515428cef.
---
 src/pk/asn1/der/bit/der_decode_raw_bit_string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
index 18fb82923..223899b33 100644
--- a/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
+++ b/src/pk/asn1/der/bit/der_decode_raw_bit_string.c
@@ -78,7 +78,7 @@ int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen,
    blen = ((dlen - 1) << 3) - (in[x++] & 7);
 
    /* too many bits? */
-   if (blen/8 > *outlen) {
+   if (blen > *outlen) {
       *outlen = blen;
       return CRYPT_BUFFER_OVERFLOW;
    }
From 130d657007cb15e52af14cbe661f70ff187bb9f0 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Sat, 30 Sep 2017 13:38:25 +0200
Subject: [PATCH 16/17] correctly fix decoding of SubjectPublicKeyInfo

---
 src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
index 1948e160b..682618179 100644
--- a/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
+++ b/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
@@ -72,7 +72,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
     * in a **BIT** string ... so we have to extract it then proceed to convert bit to octet
     */
    LTC_SET_ASN1(subject_pubkey, 0, LTC_ASN1_SEQUENCE, alg_id, 2);
-   LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, inlen);
+   LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, inlen*8U);
 
    err=der_decode_sequence(in, inlen, subject_pubkey, 2UL);
    if (err != CRYPT_OK) {
From 886b04c01b28588ac2e917efe98240d80a7746d9 Mon Sep 17 00:00:00 2001
From: Karel Miko
Date: Sun, 1 Oct 2017 14:40:04 +0200
Subject: [PATCH 17/17] missing rsa_free in _rsa_issue_301 test

---
 tests/rsa_test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/rsa_test.c b/tests/rsa_test.c
index 998bdda88..51252040c 100644
--- a/tests/rsa_test.c
+++ b/tests/rsa_test.c
@@ -339,6 +339,7 @@ static int _rsa_issue_301(int prng_idx)
 
    DO(_rsa_key_cmp(PK_PUBLIC, &key, &key_in));
    rsa_free(&key_in);
+   rsa_free(&key);
 
    return 0;
 }
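Review bot: `inlen*8U` is consistent with the `XCALLOC(1, inlen)` allocation from patch 04 of this series: der_decode_raw_bit_string writes `out[y/8]` only for `y < blen` and rejects `blen > *outlen` (its final form after patch 15), so the byte index stays below `inlen` and the earlier unit mismatch is the real bug this fixes. The unit is still invisible at this call site, which is how patches 03, 04, 11, 14 and 15 went back and forth; a comment on the changed line, `/* a RAW_BIT_STRING length is in bits; tmpbuf holds inlen bytes */`, would stop the next round. The enclosing function starts and ends outside the hunk.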
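Review bot: `rsa_free(&key)` only runs on the success path; each `DO(...)` earlier in _rsa_issue_301 presumably returns on failure (the macro is not visible here), and on those paths `key`, and whichever `key_in` had already been imported, remain allocated. For a test that is a leak rather than a correctness bug, but if DO() does return early, routing the failures through a single cleanup that frees both keys before returning would keep leak checkers quiet across the whole test. The function starts outside the hunk.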