mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-10 06:40:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

mbedtls_ecdsa_raw_to_der and mbedtls_ecdsa_der_to_raw: reject bits==0

Browse Source 
Cleanly reject bits == 0 when calling mbedtls_ecdsa_raw_to_der() and
mbedtls_ecdsa_der_to_raw(). This can plausibly happen when bits is
user-provided data that the calling application doesn't check.

Before this patch, there was typically-benign undefined behavior, such as
adding 0 to a null pointer or calling memcpy on a null pointer with a size
of 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-10-04 18:56:17 +02:00
parent 995702dbae
commit 1ba7e24e14
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tf-psa-crypto/drivers/builtin/src/psa_util.c
View File

@ -440,6 +440,9 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l
unsigned char *p = der + der_size; unsigned char *p = der + der_size;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if (bits == 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
if (raw_len != (2 * coordinate_len)) { if (raw_len != (2 * coordinate_len)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA; return MBEDTLS_ERR_ASN1_INVALID_DATA;
} }
@ -559,6 +562,9 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_l
size_t coordinate_size = PSA_BITS_TO_BYTES(bits); size_t coordinate_size = PSA_BITS_TO_BYTES(bits);
int ret; int ret;
if (bits == 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
/* The output raw buffer should be at least twice the size of a raw /* The output raw buffer should be at least twice the size of a raw
* coordinate in order to store r and s. */ * coordinate in order to store r and s. */
if (raw_size < coordinate_size * 2) { if (raw_size < coordinate_size * 2) {

9
tf-psa-crypto/tests/suites/test_suite_psa_crypto_util.data
View File

@ -1,3 +1,12 @@
# mbedtls_ecdsa_der_to_raw() doesn't accept a null output buffer,
# even with otherwise invalid paramters,
# so we pass it a (non-null) buffer of length 1.
ECDSA Raw -> DER, 0bit
ecdsa_raw_to_der:0:"":"00":MBEDTLS_ERR_ASN1_INVALID_DATA
ECDSA DER -> Raw, 0bit
ecdsa_der_to_raw:0:"":"":MBEDTLS_ERR_ASN1_INVALID_DATA
ECDSA Raw -> DER, 256bit, Success ECDSA Raw -> DER, 256bit, Success
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0