Merge pull request #4439 from gilles-peskine-arm/aes2crypt-removal-2.16
Backport 2.16: Remove the sample program aescrypt2
diff --git a/ChangeLog.d/add-missing-parenthesis.txt b/ChangeLog.d/add-missing-parenthesis.txt
new file mode 100644
index 0000000..9576ff3
--- /dev/null
+++ b/ChangeLog.d/add-missing-parenthesis.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
+ defined. Fixes #4217.
diff --git a/ChangeLog.d/dhm_min_bitlen.txt b/ChangeLog.d/dhm_min_bitlen.txt
new file mode 100644
index 0000000..e7ea827
--- /dev/null
+++ b/ChangeLog.d/dhm_min_bitlen.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * In a TLS client, enforce the Diffie-Hellman minimum parameter size
+ set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
+ minimum size was rounded down to the nearest multiple of 8.
diff --git a/library/ecp.c b/library/ecp.c
index fe41b41..2168981 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2505,7 +2505,7 @@
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
+ return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
p_size = ( grp->pbits + 7 ) / 8;
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index bd7f281..073311b 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2209,6 +2209,7 @@
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t dhm_actual_bitlen;
/*
* Ephemeral DH parameters:
@@ -2226,10 +2227,11 @@
return( ret );
}
- if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
+ dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
+ if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
- ssl->handshake->dhm_ctx.len * 8,
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
+ (unsigned) dhm_actual_bitlen,
ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index db4ee3b..3ac237a 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1053,6 +1053,16 @@
all_final += cert_md5.crt
################################################################
+#### Diffie-Hellman parameters
+################################################################
+
+dh.998.pem:
+ $(OPENSSL) dhparam -out $@ -text 998
+
+dh.999.pem:
+ $(OPENSSL) dhparam -out $@ -text 999
+
+################################################################
#### Meta targets
################################################################
diff --git a/tests/data_files/dh.998.pem b/tests/data_files/dh.998.pem
new file mode 100644
index 0000000..96d6cf2
--- /dev/null
+++ b/tests/data_files/dh.998.pem
@@ -0,0 +1,17 @@
+ DH Parameters: (998 bit)
+ prime:
+ 39:5f:30:c0:7b:06:b7:6a:49:c6:c0:81:1f:39:77:
+ b3:35:e2:8d:66:fc:6a:6e:94:f3:df:97:f2:89:31:
+ 6c:75:39:08:16:d1:a4:b8:0c:68:c5:63:21:61:eb:
+ 48:2d:77:99:08:1d:67:38:37:0a:cd:cf:39:b6:3c:
+ 9d:8a:e5:85:3c:71:e3:4b:3e:1e:b9:80:e3:cc:7a:
+ fd:84:05:b0:df:36:15:29:4e:3e:23:3b:c3:ae:6b:
+ c7:11:b9:64:43:40:75:c7:4a:ef:a7:2d:00:e2:62:
+ 8f:93:78:96:8f:2c:25:8d:7d:1f:eb:5c:3c:bf:51:
+ de:f8:08:25:db
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGCAn05XzDAewa3aknGwIEfOXezNeKNZvxqbpTz35fyiTFsdTkIFtGkuAxoxWMh
+YetILXeZCB1nODcKzc85tjydiuWFPHHjSz4euYDjzHr9hAWw3zYVKU4+IzvDrmvH
+EblkQ0B1x0rvpy0A4mKPk3iWjywljX0f61w8v1He+Agl2wIBAg==
+-----END DH PARAMETERS-----
diff --git a/tests/data_files/dh.999.pem b/tests/data_files/dh.999.pem
new file mode 100644
index 0000000..6e3ceb3
--- /dev/null
+++ b/tests/data_files/dh.999.pem
@@ -0,0 +1,17 @@
+ DH Parameters: (999 bit)
+ prime:
+ 4f:b8:d2:d8:3c:b3:02:c9:64:f5:99:fe:61:cc:b3:
+ 69:1c:ba:bb:a2:33:db:38:2f:85:87:b7:12:fb:69:
+ 6e:a5:32:3e:ff:24:df:c4:61:07:0c:e1:88:72:fa:
+ 14:d4:22:65:18:66:09:7e:43:35:c4:5a:62:f7:0a:
+ 69:be:45:71:6e:ac:c5:56:d8:22:9e:c4:9c:23:2b:
+ bd:6d:3b:b6:02:4f:5d:12:a7:ac:90:b8:9e:be:93:
+ 82:bc:09:7c:cd:e1:09:21:1e:3d:69:2a:76:41:00:
+ 68:6d:b7:e8:e8:df:d6:1b:82:93:d9:21:4a:ea:71:
+ f2:e6:c4:94:03
+ generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGCAn1PuNLYPLMCyWT1mf5hzLNpHLq7ojPbOC+Fh7cS+2lupTI+/yTfxGEHDOGI
+cvoU1CJlGGYJfkM1xFpi9wppvkVxbqzFVtginsScIyu9bTu2Ak9dEqeskLievpOC
+vAl8zeEJIR49aSp2QQBobbfo6N/WG4KT2SFK6nHy5sSUAwIBAg==
+-----END DH PARAMETERS-----
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7ec83d2..0123521 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3960,6 +3960,20 @@
0 \
-C "DHM prime too short:"
+run_test "DHM size: server 999, client 999, OK" \
+ "$P_SRV dhm_file=data_files/dh.999.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=999" \
+ 0 \
+ -C "DHM prime too short:"
+
+run_test "DHM size: server 1000, client 1000, OK" \
+ "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1000" \
+ 0 \
+ -C "DHM prime too short:"
+
run_test "DHM size: server 1000, client default, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -3967,6 +3981,27 @@
1 \
-c "DHM prime too short:"
+run_test "DHM size: server 1000, client 1001, rejected" \
+ "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1001" \
+ 1 \
+ -c "DHM prime too short:"
+
+run_test "DHM size: server 999, client 1000, rejected" \
+ "$P_SRV dhm_file=data_files/dh.999.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=1000" \
+ 1 \
+ -c "DHM prime too short:"
+
+run_test "DHM size: server 998, client 999, rejected" \
+ "$P_SRV dhm_file=data_files/dh.998.pem" \
+ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ debug_level=1 dhmlen=999" \
+ 1 \
+ -c "DHM prime too short:"
+
run_test "DHM size: server default, client 2049, rejected" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \