diff options
Diffstat (limited to 'libtomcrypt/src/pk')
-rw-r--r-- | libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c | 15 | ||||
-rw-r--r-- | libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c | 2 | ||||
-rw-r--r-- | libtomcrypt/src/pk/dsa/dsa_export.c | 2 | ||||
-rw-r--r-- | libtomcrypt/src/pk/dsa/dsa_generate_pqg.c | 4 | ||||
-rw-r--r-- | libtomcrypt/src/pk/ecc/ecc_sign_hash.c | 53 | ||||
-rw-r--r-- | libtomcrypt/src/pk/ecc/ecc_verify_hash.c | 16 | ||||
-rw-r--r-- | libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c | 10 | ||||
-rw-r--r-- | libtomcrypt/src/pk/rsa/rsa_export.c | 2 | ||||
-rw-r--r-- | libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c | 2 |
9 files changed, 60 insertions, 46 deletions
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c index 142ef95..cb93e8f 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c @@ -79,8 +79,8 @@ static int _new_element(ltc_asn1_list **l) */ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out) { - ltc_asn1_list *l; - unsigned long err, type, len, totlen, data_offset; + ltc_asn1_list *l, *t; + unsigned long err, type, len, totlen, data_offset, len_len; void *realloc_tmp; LTC_ARGCHK(in != NULL); @@ -407,6 +407,17 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc l->child->parent = l; } + t = l; + len_len = 0; + while((t != NULL) && (t->child != NULL)) { + len_len++; + t = t->child; + } + if (len_len > LTC_DER_MAX_RECURSION) { + err = CRYPT_ERROR; + goto error; + } + break; case 0x80: /* Context-specific */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c index 6826181..d2d0811 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c @@ -80,7 +80,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in } if ((alg_id[0].size != oid.OIDlen) || - XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0]))) { + XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0])) != 0) { /* OID mismatch */ err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; diff --git a/libtomcrypt/src/pk/dsa/dsa_export.c b/libtomcrypt/src/pk/dsa/dsa_export.c index 1f6bb5a..f3a9f59 100644 --- a/libtomcrypt/src/pk/dsa/dsa_export.c +++ b/libtomcrypt/src/pk/dsa/dsa_export.c @@ -69,7 +69,7 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key } } else { if (std) { - unsigned long tmplen = (mp_count_bits(key->y) / 8) + 8; + unsigned long tmplen = (unsigned long)(mp_count_bits(key->y) / 8) + 8; unsigned char* tmp = XMALLOC(tmplen); ltc_asn1_list int_list[3]; diff --git a/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c b/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c index 91c7ef7..8c5f558 100644 --- a/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c +++ b/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c @@ -72,8 +72,8 @@ static int _dsa_make_params(prng_state *prng, int wprng, int group_size, int mod */ seedbytes = group_size; - L = modulus_size * 8; - N = group_size * 8; + L = (unsigned long)modulus_size * 8; + N = (unsigned long)group_size * 8; /* XXX-TODO no Lucas test */ #ifdef LTC_MPI_HAS_LUCAS_TEST diff --git a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c index d285dac..ec6677c 100644 --- a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c +++ b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c @@ -14,14 +14,14 @@ /** @file ecc_sign_hash.c ECC Crypto, Tom St Denis -*/ +*/ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, + unsigned char *out, unsigned long *outlen, prng_state *prng, int wprng, ecc_key *key, int sigformat) { ecc_key pubkey; - void *r, *s, *e, *p; + void *r, *s, *e, *p, *b; int err, max_iterations = LTC_PK_MAX_RETRIES; unsigned long pbits, pbytes, i, shift_right; unsigned char ch, buf[MAXBLOCKSIZE]; @@ -35,21 +35,21 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, if (key->type != PK_PRIVATE) { return CRYPT_PK_NOT_PRIVATE; } - + /* is the IDX valid ? */ if (ltc_ecc_is_valid_idx(key->idx) != 1) { return CRYPT_PK_INVALID_TYPE; } - + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { return err; } /* init the bignums */ - if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) { + if ((err = mp_init_multi(&r, &s, &p, &e, &b, NULL)) != CRYPT_OK) { return err; } - if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; } + if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; } /* get the hash and load it as a bignum into 'e' */ pbits = mp_count_bits(p); @@ -77,21 +77,24 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, } /* find r = x1 mod n */ - if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; } + if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; } if (mp_iszero(r) == LTC_MP_YES) { ecc_free(&pubkey); - } else { - /* find s = (e + xr)/k */ - if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */ - if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */ - if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ - if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ - if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */ - ecc_free(&pubkey); - if (mp_iszero(s) == LTC_MP_NO) { - break; - } + } else { + if ((err = rand_bn_upto(b, p, prng, wprng)) != CRYPT_OK) { goto error; } /* b = blinding value */ + /* find s = (e + xr)/k */ + if ((err = mp_mulmod(pubkey.k, b, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = kb */ + if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/kb */ + if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */ + if ((err = mp_mulmod(pubkey.k, s, p, s)) != CRYPT_OK) { goto error; } /* s = xr/kb */ + if ((err = mp_mulmod(pubkey.k, e, p, e)) != CRYPT_OK) { goto error; } /* e = e/kb */ + if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e/kb + xr/kb */ + if ((err = mp_mulmod(s, b, p, s)) != CRYPT_OK) { goto error; } /* s = b(e/kb + xr/kb) = (e + xr)/k */ + ecc_free(&pubkey); + if (mp_iszero(s) == LTC_MP_NO) { + break; + } } } while (--max_iterations > 0); @@ -112,17 +115,17 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, } else { /* store as ASN.1 SEQUENCE { r, s -- integer } */ - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, r, - LTC_ASN1_INTEGER, 1UL, s, - LTC_ASN1_EOL, 0UL, NULL); + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_INTEGER, 1UL, r, + LTC_ASN1_INTEGER, 1UL, s, + LTC_ASN1_EOL, 0UL, NULL); } goto errnokey; error: ecc_free(&pubkey); errnokey: - mp_clear_multi(r, s, p, e, NULL); - return err; + mp_clear_multi(r, s, p, e, b, NULL); + return err; } /** diff --git a/libtomcrypt/src/pk/ecc/ecc_verify_hash.c b/libtomcrypt/src/pk/ecc/ecc_verify_hash.c index 7aa5f52..bc4f84f 100644 --- a/libtomcrypt/src/pk/ecc/ecc_verify_hash.c +++ b/libtomcrypt/src/pk/ecc/ecc_verify_hash.c @@ -14,10 +14,10 @@ /** @file ecc_verify_hash.c ECC Crypto, Tom St Denis -*/ +*/ static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, + const unsigned char *hash, unsigned long hashlen, int *stat, ecc_key *key, int sigformat) { ecc_point *mG, *mQ; @@ -66,9 +66,9 @@ static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen, } else { /* ASN.1 format */ - if ((err = der_decode_sequence_multi(sig, siglen, - LTC_ASN1_INTEGER, 1UL, r, - LTC_ASN1_INTEGER, 1UL, s, + if ((err = der_decode_sequence_multi(sig, siglen, + LTC_ASN1_INTEGER, 1UL, r, + LTC_ASN1_INTEGER, 1UL, s, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; } } @@ -125,13 +125,13 @@ static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen, if (ltc_mp.ecc_mul2add == NULL) { if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; } if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; } - + /* find the montgomery mp */ if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; } /* add them */ if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; } - + /* reduce */ if ((err = ltc_mp.ecc_map(mG, m, mp)) != CRYPT_OK) { goto error; } } else { @@ -153,7 +153,7 @@ error: ltc_ecc_del_point(mG); ltc_ecc_del_point(mQ); mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL); - if (mp != NULL) { + if (mp != NULL) { mp_montgomery_free(mp); } return err; diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c index ca5c9d9..ab26ede 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c @@ -17,7 +17,7 @@ /** @file ltc_ecc_mulmod_timing.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC @@ -59,8 +59,8 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) return err; } - /* alloc ram for window temps */ - for (i = 0; i < 3; i++) { + /* alloc ram for window temps */ + for (i = 0; i < 3; i++) { M[i] = ltc_ecc_new_point(); if (M[i] == NULL) { for (j = 0; j < i; j++) { @@ -70,7 +70,7 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) mp_montgomery_free(mp); return CRYPT_MEM; } - } + } /* make a copy of G incase R==G */ tG = ltc_ecc_new_point(); @@ -82,7 +82,7 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; } mp_clear(mu); mu = NULL; - + /* calc the M tab */ /* M[0] == G */ if ((err = mp_copy(tG->x, M[0]->x)) != CRYPT_OK) { goto done; } diff --git a/libtomcrypt/src/pk/rsa/rsa_export.c b/libtomcrypt/src/pk/rsa/rsa_export.c index a9885de..efd61d6 100644 --- a/libtomcrypt/src/pk/rsa/rsa_export.c +++ b/libtomcrypt/src/pk/rsa/rsa_export.c @@ -58,7 +58,7 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key unsigned char* tmp = NULL; if (type & PK_STD) { - tmplen = (mp_count_bits(key->N)/8)*2+8; + tmplen = (unsigned long)(mp_count_bits(key->N) / 8) * 2 + 8; tmp = XMALLOC(tmplen); ptmplen = &tmplen; if (tmp == NULL) { diff --git a/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c b/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c index 8e15e06..0546eb0 100644 --- a/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c +++ b/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c @@ -114,7 +114,7 @@ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, /* check alg oid */ if ((alg_seq[0].size != rsaoid.OIDlen) || - XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0]))) { + XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0])) != 0) { err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; } |