eden-emu/mbedtls
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream-restricted/pr/404' into development-restricted

Browse source
This commit is contained in:
Gilles Peskine 2017-11-28 15:50:02 +01:00
commit 9c8ac0ce2c
4 changed files with 29 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

11
library/dhm.c
View file

@ -93,6 +93,9 @@ static int dhm_read_bignum( mbedtls_mpi *X,
*
* Parameter should be: 2 <= public_param <= P - 2
*
* This means that we need to return an error if
* public_param < 2 or public_param > P-2
*
* For more information on the attack, see:
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
@ -100,17 +103,17 @@ static int dhm_read_bignum( mbedtls_mpi *X,
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
{
mbedtls_mpi L, U;
int ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
int ret = 0;
mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
if( mbedtls_mpi_cmp_mpi( param, &L ) >= 0 &&
mbedtls_mpi_cmp_mpi( param, &U ) <= 0 )
if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
{
ret = 0;
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
cleanup: