From 4b305c5721f68e39320ca2e15b03a411da2305f1 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 10 Jun 2020 23:16:13 +0800
Subject: Merge libtomcrypt v1.18.2

---
 .../pk/asn1/der/sequence/der_decode_sequence_flexi.c    | 15 +++++++++++++--
 .../der/sequence/der_decode_subject_public_key_info.c   |  2 +-
 libtomcrypt/src/pk/dsa/dsa_export.c                     |  2 +-
 libtomcrypt/src/pk/dsa/dsa_generate_pqg.c               |  4 ++--
 libtomcrypt/src/pk/ecc/ecc_sign_hash.c                  | 17 ++++++++++-------
 libtomcrypt/src/pk/rsa/rsa_export.c                     |  2 +-
 libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c               |  2 +-
 7 files changed, 29 insertions(+), 15 deletions(-)

(limited to 'libtomcrypt/src/pk')

diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
index 142ef95..cb93e8f 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
@@ -79,8 +79,8 @@ static int _new_element(ltc_asn1_list **l)
 */
 int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out)
 {
-   ltc_asn1_list *l;
-   unsigned long err, type, len, totlen, data_offset;
+   ltc_asn1_list *l, *t;
+   unsigned long err, type, len, totlen, data_offset, len_len;
    void          *realloc_tmp;
 
    LTC_ARGCHK(in    != NULL);
@@ -407,6 +407,17 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
                 l->child->parent = l;
              }
 
+             t = l;
+             len_len = 0;
+             while((t != NULL) && (t->child != NULL)) {
+                len_len++;
+                t = t->child;
+             }
+             if (len_len > LTC_DER_MAX_RECURSION) {
+                err = CRYPT_ERROR;
+                goto error;
+             }
+
              break;
 
          case 0x80: /* Context-specific */
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
index 6826181..d2d0811 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
@@ -80,7 +80,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
    }
 
    if ((alg_id[0].size != oid.OIDlen) ||
-        XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0]))) {
+        XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0])) != 0) {
         /* OID mismatch */
         err = CRYPT_PK_INVALID_TYPE;
         goto LBL_ERR;
diff --git a/libtomcrypt/src/pk/dsa/dsa_export.c b/libtomcrypt/src/pk/dsa/dsa_export.c
index 1f6bb5a..f3a9f59 100644
--- a/libtomcrypt/src/pk/dsa/dsa_export.c
+++ b/libtomcrypt/src/pk/dsa/dsa_export.c
@@ -69,7 +69,7 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key
       }
    } else {
       if (std) {
-          unsigned long tmplen = (mp_count_bits(key->y) / 8) + 8;
+          unsigned long tmplen = (unsigned long)(mp_count_bits(key->y) / 8) + 8;
           unsigned char* tmp = XMALLOC(tmplen);
           ltc_asn1_list int_list[3];
 
diff --git a/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c b/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c
index 91c7ef7..8c5f558 100644
--- a/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c
+++ b/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c
@@ -72,8 +72,8 @@ static int _dsa_make_params(prng_state *prng, int wprng, int group_size, int mod
   */
 
   seedbytes = group_size;
-  L = modulus_size * 8;
-  N = group_size * 8;
+  L = (unsigned long)modulus_size * 8;
+  N = (unsigned long)group_size * 8;
 
   /* XXX-TODO no Lucas test */
 #ifdef LTC_MPI_HAS_LUCAS_TEST
diff --git a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c
index 5f6f57f..ec6677c 100644
--- a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c
+++ b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c
@@ -21,7 +21,7 @@ static int _ecc_sign_hash(const unsigned char *in,  unsigned long inlen,
                                 prng_state *prng, int wprng, ecc_key *key, int sigformat)
 {
    ecc_key       pubkey;
-   void          *r, *s, *e, *p;
+   void          *r, *s, *e, *p, *b;
    int           err, max_iterations = LTC_PK_MAX_RETRIES;
    unsigned long pbits, pbytes, i, shift_right;
    unsigned char ch, buf[MAXBLOCKSIZE];
@@ -46,7 +46,7 @@ static int _ecc_sign_hash(const unsigned char *in,  unsigned long inlen,
    }
 
    /* init the bignums */
-   if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) {
+   if ((err = mp_init_multi(&r, &s, &p, &e, &b, NULL)) != CRYPT_OK) {
       return err;
    }
    if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK)              { goto errnokey; }
@@ -82,12 +82,15 @@ static int _ecc_sign_hash(const unsigned char *in,  unsigned long inlen,
       if (mp_iszero(r) == LTC_MP_YES) {
          ecc_free(&pubkey);
       } else {
+         if ((err = rand_bn_upto(b, p, prng, wprng)) != CRYPT_OK)          { goto error; } /* b = blinding value */
          /* find s = (e + xr)/k */
-         if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK)         { goto error; } /* k = 1/k */
+         if ((err = mp_mulmod(pubkey.k, b, p, pubkey.k)) != CRYPT_OK)      { goto error; } /* k = kb */
+         if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK)         { goto error; } /* k = 1/kb */
          if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK)               { goto error; } /* s = xr */
-         if ((err = mp_add(e, s, s)) != CRYPT_OK)                          { goto error; } /* s = e +  xr */
-         if ((err = mp_mod(s, p, s)) != CRYPT_OK)                          { goto error; } /* s = e +  xr */
-         if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK)             { goto error; } /* s = (e + xr)/k */
+         if ((err = mp_mulmod(pubkey.k, s, p, s)) != CRYPT_OK)             { goto error; } /* s = xr/kb */
+         if ((err = mp_mulmod(pubkey.k, e, p, e)) != CRYPT_OK)             { goto error; } /* e = e/kb */
+         if ((err = mp_add(e, s, s)) != CRYPT_OK)                          { goto error; } /* s = e/kb + xr/kb */
+         if ((err = mp_mulmod(s, b, p, s)) != CRYPT_OK)                    { goto error; } /* s = b(e/kb + xr/kb) = (e + xr)/k */
          ecc_free(&pubkey);
          if (mp_iszero(s) == LTC_MP_NO) {
             break;
@@ -121,7 +124,7 @@ static int _ecc_sign_hash(const unsigned char *in,  unsigned long inlen,
 error:
    ecc_free(&pubkey);
 errnokey:
-   mp_clear_multi(r, s, p, e, NULL);
+   mp_clear_multi(r, s, p, e, b, NULL);
    return err;
 }
 
diff --git a/libtomcrypt/src/pk/rsa/rsa_export.c b/libtomcrypt/src/pk/rsa/rsa_export.c
index a9885de..efd61d6 100644
--- a/libtomcrypt/src/pk/rsa/rsa_export.c
+++ b/libtomcrypt/src/pk/rsa/rsa_export.c
@@ -58,7 +58,7 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key
       unsigned char* tmp = NULL;
 
       if (type & PK_STD) {
-          tmplen = (mp_count_bits(key->N)/8)*2+8;
+          tmplen = (unsigned long)(mp_count_bits(key->N) / 8) * 2 + 8;
           tmp = XMALLOC(tmplen);
           ptmplen = &tmplen;
           if (tmp == NULL) {
diff --git a/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c b/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c
index 8e15e06..0546eb0 100644
--- a/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c
+++ b/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c
@@ -114,7 +114,7 @@ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
 
    /* check alg oid */
    if ((alg_seq[0].size != rsaoid.OIDlen) ||
-      XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0]))) {
+      XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0])) != 0) {
       err = CRYPT_PK_INVALID_TYPE;
       goto LBL_ERR;
    }
-- 
cgit v1.2.3