Cherry picked from libtommath 7bbc1f8e4fe6dce75055957645117180768efb15.
Vulnerability Detail:
CVE Identifier: CVE-2023-36328
Description: Integer Overflow vulnerability in mp_grow in libtom
libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9,
allows attackers to execute arbitrary code and cause a denial of
service (DoS).
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-36328
Reported-by: https://github.com/Crispy-fried-chicken
The pseudo keyword 'fallthrough' is defined such that case statement
blocks must end with any of these keywords:
* break;
* fallthrough;
* continue;
* goto <label>;
* return [expression];
*
* gcc: https://gcc.gnu.org/onlinedocs/gcc/Statement-Attributes.html#Statement-Attributes
The macro is defined either as
__attribute__((__fallthrough__))
or as
do {} while (0) /* fallthrough */
not including the semicolon.
This change implements the Linux kernel style and updates several locations
where "/*fallthrough*/ and /* FALLTHROUGH */ were not previously replaced.
Externally imported code such as libedit, libtommath and sqlite are
restored to their unaltered state.
Change-Id: I69db8167b0d5884f55d96d72de3059a0235a1ba3
s_read_urandom has a while loop to handle read() that returns less
than the full buffer (either due to EINTR or because more than the
atomic guarantee from urandom was requested). However, the target
of the read was always the base pointer p instead of the updated
pointer q, so in the end less than the requested randomness is returned.
Use q instead of p in the read() call.
Upstream pull request:
https://github.com/libtom/libtommath/pull/512
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Modify the signature of mp_find_prime() to permit the number of
Miller-Rabin rounds to be specified. In addition, valid responses
now include MP_NO, MP_YES, and MP_VAL which is returned when
mp_prime_is_prime() fails.
Change-Id: I0195129a4dd75875e6dddb6d49a5ceb30afb1a17
libtommath protects the inclusion of functions by wrapping their
declarations by CPP #ifdef tests and defining the matching macros
within libtommath_class.h.
Add missing macros:
BN_MP_FIND_PRIME_C
BN_MP_ISPRIME_C
Change-Id: Ic577300114f8e88d7a3af3d9f717a249d57f03b1
As pointed out by Steffen Jaeckel [https://github.com/sjaeckel],
within bn_mp_prime_next_prime() t <= PRIME_SIZE as per the check
at the top of the function. Remove the unnecessary comparison in
a for loop conditional.
Change-Id: I868bee1a7a019e0ab06bf2b81cc71cf66ca9acff
most of these warnings are not problems because of ample
use of abort() calls. However, the large number of warnings
makes it difficult to identify real problems. Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
