
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_18-7-g5b2da


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_18-7-g5b2da61
Date: Sun, 22 Apr 2012 16:02:45 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5b2da615d9d82bc78a742b47fec9aef7540bc98e

The branch, gnutls_2_12_x has been updated
       via  5b2da615d9d82bc78a742b47fec9aef7540bc98e (commit)
       via  1a6b4a2e79341e8201abcd6940c04a647b9cc5f5 (commit)
       via  c1b279a9786f50e932a4527e900fc1a6df36e5f1 (commit)
      from  31cb70bdbc477c03fe217e5adaae89cd7cab6e18 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5b2da615d9d82bc78a742b47fec9aef7540bc98e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Apr 22 17:59:49 2012 +0200

    documented fix

commit 1a6b4a2e79341e8201abcd6940c04a647b9cc5f5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Apr 19 20:26:50 2012 +0200

    Added complete check in SRP parameters.

commit c1b279a9786f50e932a4527e900fc1a6df36e5f1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Apr 18 17:26:15 2012 +0200

    Added better sanity checks in Diffie-Hellman key exchange.
    
    Conflicts:
    
        lib/gnutls_dh.c

-----------------------------------------------------------------------

Summary of changes:
 NEWS            |    3 +++
 lib/auth_srp.c  |   12 ++++++++++--
 lib/gnutls_dh.c |   33 +++++++++++++++++++++++++++++----
 3 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index 59ec92e..e70f4c2 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ Version 2.12.19 (unreleased)
 is assumed to be a file that stores the pin. Based on patch
 by David Smith.
 
+** libgnutls: Added strict tests in Diffie-Hellman and
+SRP key exchange public keys.
+
 ** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).
 
 ** API and ABI modifications:
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index 724cbf0..1d02def 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -103,7 +103,7 @@ check_b_mod_n (bigint_t b, bigint_t n)
 inline static int
 check_a_mod_n (bigint_t a, bigint_t n)
 {
-  int ret;
+  int ret, err = 0;
   bigint_t r;
 
   r = _gnutls_mpi_mod (a, n);
@@ -114,10 +114,18 @@ check_a_mod_n (bigint_t a, bigint_t n)
     }
 
   ret = _gnutls_mpi_cmp_ui (r, 0);
+  if (ret == 0) err = 1;
+
+  ret = _gnutls_mpi_cmp_ui (r, 1);
+  if (ret == 0) err = 1;
+
+  _gnutls_mpi_add_ui(r, r, 1);
+  ret = _gnutls_mpi_cmp (r, n);
+  if (ret == 0) err = 1;
 
   _gnutls_mpi_release (&r);
 
-  if (ret == 0)
+  if (err != 0)
     {
       gnutls_assert ();
       return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
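Review bot: The three added comparisons in check_a_mod_n carry no comment, and `_gnutls_mpi_add_ui(r, r, 1)` overwrites r in place, so the `r == 1` test is only correct because it sits before the add. A line such as `/* reject A mod n == 0, 1 or n-1; r becomes r+1 below, so compare against 1 first */` above the first comparison would make that ordering constraint explicit, as the corresponding comment in lib/gnutls_dh.c does. The `if (ret == 0) err = 1;` one-liners also depart from the brace-on-its-own-line style of the surrounding code. check_b_mod_n, named in the first hunk's header, is not touched by this diff, so it may be worth confirming whether the check on B should reject the same values. check_a_mod_n's body continues past the end of this hunk.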
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index 2c6a6c3..1dc8d66 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -94,21 +94,46 @@ gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime)
 bigint_t
 gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime)
 {
-  bigint_t k;
+  bigint_t k, ff, ret;
   int bits;
+  
+  ff = _gnutls_mpi_mod(f, prime);
+  _gnutls_mpi_add_ui(ff, ff, 1);
+
+  /* check if f==0,1,p-1. 
+   * or (ff=f+1) equivalently ff==1,2,p */
+  if ((_gnutls_mpi_cmp_ui(ff, 2) == 0) || (_gnutls_mpi_cmp_ui(ff, 1) == 0) ||
+      (_gnutls_mpi_cmp(ff,prime) == 0))
+    {
+      gnutls_assert();
+      ret = NULL;
+      goto cleanup;
+    }
 
   bits = _gnutls_mpi_get_nbits (prime);
   if (bits <= 0 || bits > MAX_BITS)
     {
       gnutls_assert ();
-      return NULL;
+      ret = NULL;
+      goto cleanup;
     }
 
   k = _gnutls_mpi_alloc_like (prime);
   if (k == NULL)
-    return NULL;
+    {
+      gnutls_assert();
+      ret = NULL;
+      goto cleanup;
+    }
+
   _gnutls_mpi_powm (k, f, x, prime);
-  return k;
+
+  ret = k;
+
+cleanup:
+  _gnutls_mpi_release (&ff);
+  
+  return ret;
 }
 
 /*-
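Review bot: The result of `_gnutls_mpi_mod(f, prime)` at the top of gnutls_calc_dh_key is used without a NULL check, so a failed reduction would pass a NULL ff into `_gnutls_mpi_add_ui` and the three comparisons; the auth_srp.c caller of the same helper appears to test its result before use. Adding `if (ff == NULL) { gnutls_assert (); return NULL; }` directly after the call would cover it. The reduction also runs before the `bits <= 0 || bits > MAX_BITS` sanity check on prime, so a zero or oversized prime reaches `_gnutls_mpi_mod` first; moving the bits check above that call, where it can still `return NULL` directly, avoids this. Callers are outside this diff, but since NULL now also means the peer sent an illegal public value, it is worth confirming they do not report that case as a memory error.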


hooks/post-receive
-- 
GNU gnutls


