author | Karel Miko <karel.miko@gmail.com> | 2021-04-19 14:35:59 +0200 |
---|---|---|
committer | Karel Miko <karel.miko@gmail.com> | 2021-04-19 14:35:59 +0200 |
commit | a764616a27edab2e084ff23173f8b500a73858fa (patch) | |
tree | 82daa6ff357cf0168f417a00fea53766eef3c550 | |
parent | 8e1295bd636747fe73d9d844be956e8e1ce4e09e (diff) |
update libtomcrypt
-rw-r--r-- | Changes | 2 | ||||
-rw-r--r-- | src/ltc/encauth/ccm/ccm_add_nonce.c | 5 | ||||
-rw-r--r-- | src/ltc/encauth/ccm/ccm_init.c | 2 | ||||
-rw-r--r-- | src/ltc/encauth/ccm/ccm_memory.c | 7 | ||||
-rw-r--r-- | src/ltc/headers/tomcrypt_cfg.h | 13 | ||||
-rw-r--r-- | src/ltc/headers/tomcrypt_cipher.h | 4 | ||||
-rw-r--r-- | src/ltc/headers/tomcrypt_mac.h | 6 | ||||
-rw-r--r-- | src/ltc/headers/tomcrypt_pk.h | 11 | ||||
-rw-r--r-- | src/ltc/misc/compare_testvector.c | 4 | ||||
-rw-r--r-- | src/ltc/misc/crypt/crypt_constants.c | 1 | ||||
-rw-r--r-- | src/ltc/pk/dsa/dsa_generate_pqg.c | 18 |
11 files changed, 46 insertions, 27 deletions
@@ -2,7 +2,7 @@ Changes for CryptX 0.072 2021-XX-XX - fix #69 Identifier Octet's Leniency in RSA PKCS#1 Signature Verification
- - bundled libtomcrypt update branch:develop (commit:ddf1b63a 2021-04-10)
+ - bundled libtomcrypt update branch:develop (commit:165c795b 2021-04-14)
 0.071 2021-03-30 - fix #67 (better handling of PEM decoding failures)
diff --git a/src/ltc/encauth/ccm/ccm_add_nonce.c b/src/ltc/encauth/ccm/ccm_add_nonce.c
index bda74411..a48d48d3 100644
--- a/src/ltc/encauth/ccm/ccm_add_nonce.c
+++ b/src/ltc/encauth/ccm/ccm_add_nonce.c
@@ -25,6 +25,9 @@ int ccm_add_nonce(ccm_state *ccm,
 if ((15 - ccm->noncelen) > ccm->L) {
 ccm->L = 15 - ccm->noncelen;
 }
+ if (ccm->L > 8) {
+ return CRYPT_INVALID_ARG;
+ }
 /* decrease noncelen to match L */
 if ((ccm->noncelen + ccm->L) > 15) {
@@ -38,7 +41,7 @@ int ccm_add_nonce(ccm_state *ccm,
 (ccm->L-1));
 /* nonce */
- for (y = 0; y < (16 - (ccm->L + 1)); y++) {
+ for (y = 0; y < 15 - ccm->L; y++) {
 ccm->PAD[x++] = nonce[y];
 }
diff --git a/src/ltc/encauth/ccm/ccm_init.c b/src/ltc/encauth/ccm/ccm_init.c
index c98929ec..527c6af7 100644
--- a/src/ltc/encauth/ccm/ccm_init.c
+++ b/src/ltc/encauth/ccm/ccm_init.c
@@ -35,7 +35,7 @@ int ccm_init(ccm_state *ccm, int cipher,
 }
 /* make sure the taglen is valid */
- if (taglen < 4 || taglen > 16 || (taglen % 2) == 1) {
+ if (taglen < 4 || taglen > 16 || (taglen % 2) == 1 || aadlen < 0 || ptlen < 0) {
 return CRYPT_INVALID_ARG;
 }
 ccm->taglen = taglen;
diff --git a/src/ltc/encauth/ccm/ccm_memory.c b/src/ltc/encauth/ccm/ccm_memory.c
index d22c0fb8..fdb5172e 100644
--- a/src/ltc/encauth/ccm/ccm_memory.c
+++ b/src/ltc/encauth/ccm/ccm_memory.c
@@ -75,7 +75,7 @@ int ccm_memory(int cipher,
 }
 /* make sure the taglen is valid */
- if (*taglen < 4 || *taglen > 16 || (*taglen % 2) == 1) {
+ if (*taglen < 4 || *taglen > 16 || (*taglen % 2) == 1 || headerlen > 0x7fffffffu) {
 return CRYPT_INVALID_ARG;
 }
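Review bot: The new `if (ccm->L > 8)` guard enforces only the upper bound of the CCM length field; RFC 3610 defines L as 2..8 octets, and whether the lower bound is checked above this hunk (ccm_add_nonce starts before line 25) is not visible here. The guard is also what keeps the rewritten loop bound `15 - ccm->L` from wrapping (L is `unsigned long` per the tomcrypt_mac.h hunk), so it deserves a comment saying so: `/* RFC 3610: L is 2..8; also keeps 15 - L, the nonce byte count copied below, from wrapping */`. The identical guard and loop rewrite in ccm_memory.c (lines 108 and 144) would take the same comment.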
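Review bot: The comment above the widened condition still reads `/* make sure the taglen is valid */` although the check now also rejects negative `aadlen` and `ptlen`, so a reader looking for where the length arguments are validated will not find it. Either update it to `/* make sure the taglen is valid and the lengths are non-negative */` or move the length test into its own `if` with its own comment. The same stale comment is left in ccm_memory.c at line 77, where the condition now also bounds `headerlen`.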
@@ -108,6 +108,9 @@ int ccm_memory(int cipher,
 if ((15 - noncelen) > L) {
 L = 15 - noncelen;
 }
+ if (L > 8) {
+ return CRYPT_INVALID_ARG;
+ }
 /* allocate mem for the symmetric key */
 if (uskey == NULL) {
@@ -141,7 +144,7 @@ int ccm_memory(int cipher,
 (L-1));
 /* nonce */
- for (y = 0; y < (16 - (L + 1)); y++) {
+ for (y = 0; y < 15 - L; y++) {
 PAD[x++] = nonce[y];
 }
diff --git a/src/ltc/headers/tomcrypt_cfg.h b/src/ltc/headers/tomcrypt_cfg.h
index 6392c549..994a084b 100644
--- a/src/ltc/headers/tomcrypt_cfg.h
+++ b/src/ltc/headers/tomcrypt_cfg.h
@@ -105,7 +105,7 @@ LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2);
 #define ENDIAN_64BITWORD
 #if defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
 #define ENDIAN_BIG
- #endif
+ #else
 #define ENDIAN_LITTLE
 #endif
 #endif
@@ -182,7 +182,8 @@ LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2);
 defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ || \
 defined(__BIG_ENDIAN__) || \
 defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
- defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
+ defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__) || \
+ defined(__m68k__)
 #define ENDIAN_BIG
 #elif defined(_BYTE_ORDER) && _BYTE_ORDER == _LITTLE_ENDIAN || \
 defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \
@@ -288,6 +289,12 @@ typedef unsigned long ltc_mp_digit;
 #define LTC_HAVE_ROTATE_BUILTIN
 #endif
+#if defined(__GNUC__)
+ #define LTC_ALIGN(n) __attribute__((aligned(n)))
+#else
+ #define LTC_ALIGN(n)
+#endif
+
 #if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__ >= 405)
 # define LTC_DEPRECATED(s) __attribute__((deprecated("replaced by " #s)))
 # define PRIVATE_LTC_DEPRECATED_PRAGMA(s) _Pragma(#s)
@@ -303,3 +310,5 @@ typedef unsigned long ltc_mp_digit;
 # define LTC_DEPRECATED(s)
 # define LTC_DEPRECATED_PRAGMA(s)
 #endif
+
+#endif /* TOMCRYPT_CFG_H */
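Review bot: The literal `0x7fffffffu` in the taglen check at line 78 has no explanation; nothing in the hunk says whether it comes from the CCM header-length encoding or from `headerlen` later being narrowed to a signed `int`. If it is the latter, `INT_MAX` from `<limits.h>` states the intent and survives a change of type; otherwise the line needs a comment naming the limit, e.g. `/* AAD lengths of 2^31 bytes and above are not supported by this implementation */`. The `if (L > 8)` guard at line 111 duplicates the one added in ccm_add_nonce.c; identical comments on both, or a shared helper, would keep the two paths from drifting.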
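Review bot: The `#else` branch of the new `LTC_ALIGN(n)` expands to nothing, so on a compiler that does not define `__GNUC__` the 16-byte alignment requested in tomcrypt_mac.h for `PC` under `LTC_GCM_TABLES_SSE2` (and in tomcrypt_cipher.h for `pad`) is silently dropped, whereas the bare `__attribute__ ((aligned (16)))` it replaces at least failed to compile there. If the SSE2 table code relies on aligned loads, that turns a build error into a runtime fault. Either make the SSE2 path refuse to build when the macro is a no-op, or document the fallback: `#define LTC_ALIGN(n) /* alignment not enforced: compiler lacks __attribute__ support */`. The added `#endif /* TOMCRYPT_CFG_H */` closes a guard whose opening `#ifndef`/`#define` is outside this diff; the 13-line diffstat for this file accounts for the four hunks shown, so it is worth confirming the opening lines are already present.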
diff --git a/src/ltc/headers/tomcrypt_cipher.h b/src/ltc/headers/tomcrypt_cipher.h
index 7d8d5ad6..a3ba8f30 100644
--- a/src/ltc/headers/tomcrypt_cipher.h
+++ b/src/ltc/headers/tomcrypt_cipher.h
@@ -318,9 +318,9 @@ typedef struct {
 ctrlen;
 /** The counter */
- unsigned char ctr[MAXBLOCKSIZE],
+ unsigned char ctr[MAXBLOCKSIZE];
 /** The pad used to encrypt/decrypt */
- pad[MAXBLOCKSIZE];
+ unsigned char pad[MAXBLOCKSIZE] LTC_ALIGN(16);
 /** The scheduled key */
 symmetric_key key;
 } symmetric_CTR;
diff --git a/src/ltc/headers/tomcrypt_mac.h b/src/ltc/headers/tomcrypt_mac.h
index 60ab1acb..549903c2 100644
--- a/src/ltc/headers/tomcrypt_mac.h
+++ b/src/ltc/headers/tomcrypt_mac.h
@@ -395,7 +395,7 @@ int ocb3_test(void);
 typedef struct {
 symmetric_key K;
 int cipher, /* which cipher */
- taglen, /* length of the tag */
+ taglen, /* length of the tag (encoded in M value) */
 x; /* index in PAD */
 unsigned long L, /* L value */
@@ -405,7 +405,7 @@ typedef struct {
 current_aadlen, /* length of the currently provided add */
 noncelen; /* length of the nonce */
- unsigned char PAD[16],
+ unsigned char PAD[16], /* flags | Nonce N | l(m) */
 ctr[16],
 CTRPAD[16],
 CTRlen;
@@ -482,7 +482,7 @@ typedef struct {
 #ifdef LTC_GCM_TABLES
 unsigned char PC[16][256][16] /* 16 tables of 8x128 */
 #ifdef LTC_GCM_TABLES_SSE2
-__attribute__ ((aligned (16)))
+LTC_ALIGN(16)
 #endif
 ;
 #endif
diff --git a/src/ltc/headers/tomcrypt_pk.h b/src/ltc/headers/tomcrypt_pk.h
index 01b8126c..a47fc687 100644
--- a/src/ltc/headers/tomcrypt_pk.h
+++ b/src/ltc/headers/tomcrypt_pk.h
@@ -384,11 +384,14 @@ int x25519_shared_secret(const curve25519_key *private_key,
 #ifdef LTC_MDSA
-/* Max diff between group and modulus size in bytes */
-#define LTC_MDSA_DELTA 512
+/* Max diff between group and modulus size in bytes (max case: L=8192bits, N=256bits) */
+#define LTC_MDSA_DELTA 992
-/* Max DSA group size in bytes (default allows 4k-bit groups) */
-#define LTC_MDSA_MAX_GROUP 512
+/* Max DSA group size in bytes */
+#define LTC_MDSA_MAX_GROUP 64
+
+/* Max DSA modulus size in bytes (the actual DSA size, max 8192 bits) */
+#define LTC_MDSA_MAX_MODULUS 1024
 /** DSA key structure */
 typedef struct {
diff --git a/src/ltc/misc/compare_testvector.c b/src/ltc/misc/compare_testvector.c
index 3e0f6c40..bb3c8cbf 100644
--- a/src/ltc/misc/compare_testvector.c
+++ b/src/ltc/misc/compare_testvector.c
@@ -64,12 +64,12 @@ int compare_testvector(const void* is, const unsigned long is_len, const void* s
 }
 #if defined(LTC_TEST) && defined(LTC_TEST_DBG)
 if (res != 0) {
- fprintf(stderr, "Testvector #%i of %s failed:\n", which, what);
+ fprintf(stderr, "Testvector #%i(0x%x) of %s failed:\n", which, which, what);
 s_print_hex("SHOULD", should, should_len);
 s_print_hex("IS ", is, is_len);
 #if LTC_TEST_DBG > 1
 } else {
- fprintf(stderr, "Testvector #%i of %s passed!\n", which, what);
+ fprintf(stderr, "Testvector #%i(0x%x) of %s passed!\n", which, which, what);
 #endif
 }
 #else
diff --git a/src/ltc/misc/crypt/crypt_constants.c b/src/ltc/misc/crypt/crypt_constants.c
index 9c1ed83b..eac6daec 100644
--- a/src/ltc/misc/crypt/crypt_constants.c
+++ b/src/ltc/misc/crypt/crypt_constants.c
@@ -102,6 +102,7 @@ static const crypt_constant s_crypt_constants[] = {
 {"LTC_MDSA", 1},
 C_STRINGIFY(LTC_MDSA_DELTA),
 C_STRINGIFY(LTC_MDSA_MAX_GROUP),
+ C_STRINGIFY(LTC_MDSA_MAX_MODULUS),
 #else
 {"LTC_MDSA", 0},
 #endif
diff --git a/src/ltc/pk/dsa/dsa_generate_pqg.c b/src/ltc/pk/dsa/dsa_generate_pqg.c
index af1b2023..a2d54382 100644
--- a/src/ltc/pk/dsa/dsa_generate_pqg.c
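Review bot: The three constants are only mutually consistent for a minimum group size that is never stated: `LTC_MDSA_MAX_MODULUS - LTC_MDSA_DELTA` is 32 bytes, matching the `N=256bits` in the DELTA comment, yet `LTC_MDSA_MAX_GROUP` allows 64 and dsa_generate_pqg.c in this same commit still accepts `group_size >= 1`. If DELTA is used elsewhere as an upper bound on `modulus_size - group_size` (not visible in this diff), a group smaller than 32 bytes combined with a maximal modulus is rejected by that check rather than by a named minimum. A comment making the assumption explicit would help: `/* DELTA assumes a group of at least 32 bytes (N >= 256 bits); smaller groups with a maximal modulus fail the DELTA bound */`. Lowering LTC_MDSA_MAX_GROUP from 512 to 64 bytes also turns previously accepted group sizes into CRYPT_INVALID_ARG, which the Changes entry does not mention.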
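Review bot: `%x` takes an `unsigned int`, while `which` is already printed with `%i` on the same line and so is presumably the `int` parameter (the signature is cut off in the hunk header); passing it to `%x` is a format/argument mismatch that `-Wformat-signedness` reports even though the printed value is the same for non-negative inputs. Cast it for the hex field in both fprintf calls: `fprintf(stderr, "Testvector #%i(0x%x) of %s failed:\n", which, (unsigned)which, what);`. This is debug-only code under LTC_TEST_DBG, so the impact is limited to build warnings.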
+++ b/src/ltc/pk/dsa/dsa_generate_pqg.c
@@ -26,9 +26,10 @@ static int s_dsa_make_params(prng_state *prng, int wprng, int group_size, int mo
 int err, res, mr_tests_q, mr_tests_p, found_p, found_q, hash;
 unsigned char *wbuf, *sbuf, digest[MAXBLOCKSIZE];
 void *t2L1, *t2N1, *t2q, *t2seedlen, *U, *W, *X, *c, *h, *e, *seedinc;
+ const char *accepted_hashes[] = { "sha3-512", "sha512", "sha3-384", "sha384", "sha3-256", "sha256" };
 /* check size */
- if (group_size >= LTC_MDSA_MAX_GROUP || group_size < 1 || group_size >= modulus_size) {
+ if (group_size > LTC_MDSA_MAX_GROUP || group_size < 1 || group_size >= modulus_size || modulus_size > LTC_MDSA_MAX_MODULUS) {
 return CRYPT_INVALID_ARG;
 }
@@ -87,16 +88,15 @@ static int s_dsa_make_params(prng_state *prng, int wprng, int group_size, int mo
 else { mr_tests_q = 64; }
 #endif
- if (N <= 256) {
- hash = register_hash(&sha256_desc);
+ hash = -1;
+ for (i = 0; i < sizeof(accepted_hashes)/sizeof(accepted_hashes[0]); ++i) {
+ hash = find_hash(accepted_hashes[i]);
+ if (hash != -1) break;
 }
- else if (N <= 384) {
- hash = register_hash(&sha384_desc);
+ if (hash == -1) {
+ return CRYPT_INVALID_ARG; /* no appropriate hash function found */
 }
- else if (N <= 512) {
- hash = register_hash(&sha512_desc);
- }
- else {
+ if (N > hash_descriptor[hash].hashsize * 8) {
 return CRYPT_INVALID_ARG; /* group_size too big */
 }
|
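Review bot: The hash used for parameter generation is now whichever entry of `accepted_hashes` happens to be registered first, independent of `N`, so two builds (or two callers that registered different hashes) derive different p and q from the same seed and nothing records which hash was used; FIPS 186-4 A.1.1.2 takes the hash as an input of the procedure and A.1.1.3 needs the same hash to validate the parameters. Before this change the choice was a pure function of N (sha256, sha384 or sha512) and the descriptor was registered on the spot, whereas `find_hash` now fails unless the caller registered one beforehand. At minimum the loop deserves a comment, `/* first registered hash wins: parameters are reproducible only with the same hash registered */`, and returning CRYPT_INVALID_HASH rather than CRYPT_INVALID_ARG when none is found would tell the caller that registration, not the sizes, is the problem. `i` is not among the declarations shown in the first hunk; if it is declared `int` above line 26, the comparison against `sizeof(accepted_hashes)/sizeof(accepted_hashes[0])` is a signed/unsigned mismatch. s_dsa_make_params continues past the end of this hunk.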