Package: libpolarssl7 Version: 1.3.9-2.1 Severity: normal Tags: upstream patch
dhm_parse_dhmfile() fails to parse a valid PCKS#3 file. The file i'm testing is in DER format, attached here. Here's example code to test it: ----------- #include <stdio.h> #include <polarssl/dhm.h> int main(int argc, const char* argv[]) { dhm_context dh; int err; dhm_init(&dh); err = dhm_parse_dhmfile( &dh, argv[1] ) ; printf("error -0x%x when parsing %s\n", -err, argv[1]); return 0; } ----------- This example code works fine for other DER-formatted files, particularly those that don't have the third integer (privateValueLength) included. Maybe polarssl needs to learn about this third parameter? the PKCS#3 spec: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc declares it this way: DHParameter ::= SEQUENCE { prime INTEGER, -- p base INTEGER, -- g privateValueLength INTEGER OPTIONAL } This file was generated with: certtool --generate-dh-params > dh.pem openssl dhparam -inform PEM -outform DER < dh.pem >dh.der It works fine in /usr/bin/certtool (from gnutls-bin) and openssl dhparam: 0 dkg@alice:~/tmp$ certtool --inder --dh-info < ~/src/polarssl/testdhm/dh.der Recommended key length: 256 bits generator: df:b1:4c:70:00:ba:e8:6a:c5:3b:4b:e9:ba:29:3f: 1b:fe:93:a6:6b:80:e7:b9:c1:cf:94:e4:2e:3f:47: 59:ea:be:20:bd:06:c3:b5:31:72:91:37:f8:9f:05: 82:84:f8:84:56:8d:d1:48:c6:bc:9b:3d:0c:cf:01: c5:7a:51:06:26:d5:38:c6:e8:9e:fa:77:a2:34:11: ce:51:12:e2:aa:e7:c1:0a:6b:63:5a:4b:e2:3e:1f: 28:15:ba:10:3a:b3:6a:69:99:d6:67:54:c1:d3:2d: 42:29:2c:61:71:70:b8:49:6a:7a:bd:fa:79:4e:c6: 89:e9:88:23:dc:d3:32:52:28:95:34:27:7b:75:a2: 67:99:de:08:35:59:a6:c7:ff:66:46:a4:98:45:85: 20:07:8b:df:c1:7f:69:2e:1a:b6:5b:b5:38:29:da: 3d:0e:8c:23:53:e6:ab:6d:93:67:19:29:14:8a:21: fe:18:7d:4e:a0:e2:58:a8:3c:58:a8:e1:08:a7:a1: 14:fc:05:49:f0:b4:af:cf:f9:db:bd:29:35:4c:86: 9b:66:58:6b:ad:15:f6:9d:9f:1e:94:db:a5:78:67: a5:19:d7:44:a4:a3:dc:e0:2e:89:f1:c0:45:d5:df: a2:cc:7d:90:f5:78:2c:45:cb:72:ce:35:3d:bb:d4: 35: prime: f0:fe:52:ad:3c:25:3d:71:2e:6c:b5:98:77:7b:f0: 
6a:85:fa:c3:de:37:72:ea:90:3c:b9:e7:61:65:69: 02:4c:f2:11:f0:c7:91:c5:1d:61:7f:23:6c:b9:e2: 21:8a:ea:d9:e1:9d:f9:02:02:13:84:aa:c3:28:b2: ea:6c:cc:c4:ed:b4:07:ff:1b:d4:3c:ea:77:c9:7e: 49:c1:d2:43:66:ca:ee:ea:e0:1f:ef:5f:07:d3:e2: e5:bb:64:7d:28:b0:8f:df:8b:5a:2c:9d:9f:e5:6b: e2:fb:54:0a:60:60:ed:5d:c3:95:c8:22:66:63:3c: 96:c5:7c:ba:21:17:ac:ec:f6:6e:f8:29:4a:57:af: 41:c6:65:a6:3d:99:34:54:05:1c:ed:05:aa:68:c1: 6c:7b:99:b6:6d:38:97:54:b9:c7:67:9b:2b:5f:84: b0:38:6d:72:82:70:a8:cb:fa:9d:b2:39:64:9c:0c: eb:c1:52:5f:34:38:35:73:b2:c9:dd:82:bd:8f:62: 0e:0d:1a:b5:c0:41:43:8a:84:4d:4c:db:47:c8:61: ab:db:77:b8:d9:8d:75:4c:27:69:8a:a6:f8:1f:2f: 60:67:19:9b:a3:ee:97:68:ae:79:e1:6e:93:ac:80: c9:06:ef:e3:16:c6:73:67:6a:9f:ab:75:a5:bc:b6: 29: -----BEGIN DH PARAMETERS----- MIICDgKCAQEA8P5SrTwlPXEubLWYd3vwaoX6w943cuqQPLnnYWVpAkzyEfDHkcUd YX8jbLniIYrq2eGd+QICE4Sqwyiy6mzMxO20B/8b1Dzqd8l+ScHSQ2bK7urgH+9f B9Pi5btkfSiwj9+LWiydn+Vr4vtUCmBg7V3DlcgiZmM8lsV8uiEXrOz2bvgpSlev QcZlpj2ZNFQFHO0FqmjBbHuZtm04l1S5x2ebK1+EsDhtcoJwqMv6nbI5ZJwM68FS XzQ4NXOyyd2CvY9iDg0atcBBQ4qETUzbR8hhq9t3uNmNdUwnaYqm+B8vYGcZm6Pu l2iueeFuk6yAyQbv4xbGc2dqn6t1pby2KQKCAQEA37FMcAC66GrFO0vpuik/G/6T pmuA57nBz5TkLj9HWeq+IL0Gw7UxcpE3+J8FgoT4hFaN0UjGvJs9DM8BxXpRBibV OMbonvp3ojQRzlES4qrnwQprY1pL4j4fKBW6EDqzammZ1mdUwdMtQiksYXFwuElq er36eU7GiemII9zTMlIolTQne3WiZ5neCDVZpsf/ZkakmEWFIAeL38F/aS4atlu1 OCnaPQ6MI1Pmq22TZxkpFIoh/hh9TqDiWKg8WKjhCKehFPwFSfC0r8/5270pNUyG m2ZYa60V9p2fHpTbpXhnpRnXRKSj3OAuifHARdXfosx9kPV4LEXLcs41PbvUNQIC AQA= -----END DH PARAMETERS----- 0 dkg@alice:~/tmp$ openssl dhparam -text -inform DER < ~/src/polarssl/testdhm/dh.der PKCS#3 DH Parameters: (2048 bit) prime: 00:f0:fe:52:ad:3c:25:3d:71:2e:6c:b5:98:77:7b: f0:6a:85:fa:c3:de:37:72:ea:90:3c:b9:e7:61:65: 69:02:4c:f2:11:f0:c7:91:c5:1d:61:7f:23:6c:b9: e2:21:8a:ea:d9:e1:9d:f9:02:02:13:84:aa:c3:28: b2:ea:6c:cc:c4:ed:b4:07:ff:1b:d4:3c:ea:77:c9: 7e:49:c1:d2:43:66:ca:ee:ea:e0:1f:ef:5f:07:d3: e2:e5:bb:64:7d:28:b0:8f:df:8b:5a:2c:9d:9f:e5: 
6b:e2:fb:54:0a:60:60:ed:5d:c3:95:c8:22:66:63: 3c:96:c5:7c:ba:21:17:ac:ec:f6:6e:f8:29:4a:57: af:41:c6:65:a6:3d:99:34:54:05:1c:ed:05:aa:68: c1:6c:7b:99:b6:6d:38:97:54:b9:c7:67:9b:2b:5f: 84:b0:38:6d:72:82:70:a8:cb:fa:9d:b2:39:64:9c: 0c:eb:c1:52:5f:34:38:35:73:b2:c9:dd:82:bd:8f: 62:0e:0d:1a:b5:c0:41:43:8a:84:4d:4c:db:47:c8: 61:ab:db:77:b8:d9:8d:75:4c:27:69:8a:a6:f8:1f: 2f:60:67:19:9b:a3:ee:97:68:ae:79:e1:6e:93:ac: 80:c9:06:ef:e3:16:c6:73:67:6a:9f:ab:75:a5:bc: b6:29 generator: 00:df:b1:4c:70:00:ba:e8:6a:c5:3b:4b:e9:ba:29: 3f:1b:fe:93:a6:6b:80:e7:b9:c1:cf:94:e4:2e:3f: 47:59:ea:be:20:bd:06:c3:b5:31:72:91:37:f8:9f: 05:82:84:f8:84:56:8d:d1:48:c6:bc:9b:3d:0c:cf: 01:c5:7a:51:06:26:d5:38:c6:e8:9e:fa:77:a2:34: 11:ce:51:12:e2:aa:e7:c1:0a:6b:63:5a:4b:e2:3e: 1f:28:15:ba:10:3a:b3:6a:69:99:d6:67:54:c1:d3: 2d:42:29:2c:61:71:70:b8:49:6a:7a:bd:fa:79:4e: c6:89:e9:88:23:dc:d3:32:52:28:95:34:27:7b:75: a2:67:99:de:08:35:59:a6:c7:ff:66:46:a4:98:45: 85:20:07:8b:df:c1:7f:69:2e:1a:b6:5b:b5:38:29: da:3d:0e:8c:23:53:e6:ab:6d:93:67:19:29:14:8a: 21:fe:18:7d:4e:a0:e2:58:a8:3c:58:a8:e1:08:a7: a1:14:fc:05:49:f0:b4:af:cf:f9:db:bd:29:35:4c: 86:9b:66:58:6b:ad:15:f6:9d:9f:1e:94:db:a5:78: 67:a5:19:d7:44:a4:a3:dc:e0:2e:89:f1:c0:45:d5: df:a2:cc:7d:90:f5:78:2c:45:cb:72:ce:35:3d:bb: d4:35 recommended-private-length: 256 bits -----BEGIN DH PARAMETERS----- MIICDgKCAQEA8P5SrTwlPXEubLWYd3vwaoX6w943cuqQPLnnYWVpAkzyEfDHkcUd YX8jbLniIYrq2eGd+QICE4Sqwyiy6mzMxO20B/8b1Dzqd8l+ScHSQ2bK7urgH+9f B9Pi5btkfSiwj9+LWiydn+Vr4vtUCmBg7V3DlcgiZmM8lsV8uiEXrOz2bvgpSlev QcZlpj2ZNFQFHO0FqmjBbHuZtm04l1S5x2ebK1+EsDhtcoJwqMv6nbI5ZJwM68FS XzQ4NXOyyd2CvY9iDg0atcBBQ4qETUzbR8hhq9t3uNmNdUwnaYqm+B8vYGcZm6Pu l2iueeFuk6yAyQbv4xbGc2dqn6t1pby2KQKCAQEA37FMcAC66GrFO0vpuik/G/6T pmuA57nBz5TkLj9HWeq+IL0Gw7UxcpE3+J8FgoT4hFaN0UjGvJs9DM8BxXpRBibV OMbonvp3ojQRzlES4qrnwQprY1pL4j4fKBW6EDqzammZ1mdUwdMtQiksYXFwuElq er36eU7GiemII9zTMlIolTQne3WiZ5neCDVZpsf/ZkakmEWFIAeL38F/aS4atlu1 OCnaPQ6MI1Pmq22TZxkpFIoh/hh9TqDiWKg8WKjhCKehFPwFSfC0r8/5270pNUyG 
m2ZYa60V9p2fHpTbpXhnpRnXRKSj3OAuifHARdXfosx9kPV4LEXLcs41PbvUNQIC AQA= -----END DH PARAMETERS----- 0 dkg@alice:~/tmp$ dumpasn1 ~/src/polarssl/testdhm/dh.der 0 526: SEQUENCE { 4 257: INTEGER : 00 F0 FE 52 AD 3C 25 3D 71 2E 6C B5 98 77 7B F0 : 6A 85 FA C3 DE 37 72 EA 90 3C B9 E7 61 65 69 02 : 4C F2 11 F0 C7 91 C5 1D 61 7F 23 6C B9 E2 21 8A : EA D9 E1 9D F9 02 02 13 84 AA C3 28 B2 EA 6C CC : C4 ED B4 07 FF 1B D4 3C EA 77 C9 7E 49 C1 D2 43 : 66 CA EE EA E0 1F EF 5F 07 D3 E2 E5 BB 64 7D 28 : B0 8F DF 8B 5A 2C 9D 9F E5 6B E2 FB 54 0A 60 60 : ED 5D C3 95 C8 22 66 63 3C 96 C5 7C BA 21 17 AC : [ Another 129 bytes skipped ] 265 257: INTEGER : 00 DF B1 4C 70 00 BA E8 6A C5 3B 4B E9 BA 29 3F : 1B FE 93 A6 6B 80 E7 B9 C1 CF 94 E4 2E 3F 47 59 : EA BE 20 BD 06 C3 B5 31 72 91 37 F8 9F 05 82 84 : F8 84 56 8D D1 48 C6 BC 9B 3D 0C CF 01 C5 7A 51 : 06 26 D5 38 C6 E8 9E FA 77 A2 34 11 CE 51 12 E2 : AA E7 C1 0A 6B 63 5A 4B E2 3E 1F 28 15 BA 10 3A : B3 6A 69 99 D6 67 54 C1 D3 2D 42 29 2C 61 71 70 : B8 49 6A 7A BD FA 79 4E C6 89 E9 88 23 DC D3 32 : [ Another 129 bytes skipped ] 526 2: INTEGER 256 : } 0 warnings, 0 errors. 0 dkg@alice:~/tmp$ This is upstream's https://github.com/ARMmbed/mbedtls/pull/186 The attached patch against the head of mbedtls development should apply to polarssl as well (may need a bit of fiddling). Regards, --dkg -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpolarssl7 depends on: ii libc6 2.19-17 libpolarssl7 recommends no packages. libpolarssl7 suggests no packages. -- debconf-show failed
dh.der
Description: Binary data
>From 4b39b8c84eed871177a88cd9bc2648e158b15161 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Date: Fri, 3 Apr 2015 13:09:24 -0400
Subject: [PATCH] accept PKCS#3 DH parameters with privateValueLength included

library/dhm.c: accept (and ignore) optional privateValueLength for PKCS#3 DH parameters.

PKCS#3 defines the ASN.1 encoding of a DH parameter set like this:

----------------
DHParameter ::= SEQUENCE {
prime INTEGER, -- p
base INTEGER, -- g
privateValueLength INTEGER OPTIONAL }

The fields of type DHParameter have the following meanings:

o prime is the prime p.
o base is the base g.
o privateValueLength is the optional private-value length l.
----------------

See: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc

This optional parameter was added in PKCS#3 version 1.4, released November 1, 1993.

dhm.c currently doesn't cope well with PKCS#3 files that have this optional final parameter included. i see errors like:

------------
dhm_parse_dhmfile returned -0x33E6
Last error was: -0x33E6 - DHM - The ASN.1 data is not formatted correctly : ASN1 - Actual length differs from expected lengt
------------

You can generate PKCS#3 files with this final parameter with recent versions of certtool from GnuTLS:

certtool --generate-dh-params > dh.pem
---
 library/dhm.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/library/dhm.c b/library/dhm.c
index 9fb7a21..0a4f820 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -444,8 +444,9 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin,
 
 /*
 * DHParams ::= SEQUENCE {
- * prime INTEGER, -- P
- * generator INTEGER, -- g
+ * prime INTEGER, -- P
+ * generator INTEGER, -- g
+ * privateValueLength INTEGER OPTIONAL
 * }
 */
 if( ( ret = asn1_get_tag( &p, end, &len,
@@ -466,9 +467,23 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin,
 
 if( p != end )
 {
- ret = POLARSSL_ERR_DHM_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
- goto exit;
+ /* this might be the optional privateValueLength; If so, we
+ can cleanly discard it; */
+ mpi rec;
+ mpi_init( &rec );
+ ret = asn1_get_mpi( &p, end, &rec );
+ mpi_free( &rec );
+ if ( ret != 0 )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret;
+ goto exit;
+ }
+ if ( p != end )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
+ goto exit;
+ }
 }
 
 ret = 0;
-- 
2.1.4
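Review bot: The new inner conditionals `if ( ret != 0 )` and `if ( p != end )` put a space between `if` and the parenthesis, unlike the `if( p != end )` context line at the top of the hunk and the rest of this file's style; `if( ret != 0 )` and `if( p != end )` would keep the hunk consistent. The comment could also say what is being thrown away and that anything after it is still rejected, e.g. `/* PKCS#3 v1.4 allows an optional trailing privateValueLength (recommended private-value length in bits); this library does not use it, so parse and discard it, then require that nothing follows. */`. Note that the value is only parsed, never honoured: as far as I can see the recommended length never reaches the x_size callers pass to dhm_make_params, so a caller that loads such a file still has to choose the exponent size itself, which is worth stating in dhm_parse_dhm's API documentation. dhm_parse_dhm starts and ends outside this hunk.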