From 5dea5f355a4707f03dafa558c161ae7a4fa6eb4e Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 4 Oct 2024 18:56:17 +0200
Subject: [PATCH] mbedtls_ecdsa_raw_to_der and mbedtls_ecdsa_der_to_raw: reject bits==0

Cleanly reject bits == 0 when calling mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw(). This can plausibly happen when bits is user-provided data that the calling application doesn't check. Before this patch, there was typically-benign undefined behavior, such as adding 0 to a null pointer or calling memcpy on a null pointer with a size of 0.

Signed-off-by: Gilles Peskine
---
 library/psa_util.c | 6 ++++++
 tests/suites/test_suite_psa_crypto_util.data | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/library/psa_util.c b/library/psa_util.c
index 679d00ea9b..014e648ad1 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -440,6 +440,9 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l
 unsigned char *p = der + der_size;
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
+ if (bits == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
 if (raw_len != (2 * coordinate_len)) {
 return MBEDTLS_ERR_ASN1_INVALID_DATA;
 }
@@ -559,6 +562,9 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_l
 size_t coordinate_size = PSA_BITS_TO_BYTES(bits);
 int ret;
 
+ if (bits == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
 /* The output raw buffer should be at least twice the size of a raw
 * coordinate in order to store r and s. */
 if (raw_size < coordinate_size * 2) {
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index c84a8368cd..a0ec9fd554 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
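Review bot: The new `bits == 0` guard in mbedtls_ecdsa_raw_to_der sits below `unsigned char *p = der + der_size;`, so a caller that passes a null `der` with `der_size == 0` (the "adding 0 to a null pointer" case the description says this patch removes) still evaluates that pointer arithmetic before the guard rejects the call. Moving the three added lines above the `unsigned char *p = der + der_size;` line would reject the input before any pointer is touched (a statement between declarations is valid C99, which the surrounding code already appears to rely on); alternatively declare `unsigned char *p;` here and assign `p = der + der_size;` after the parameter checks. The test data in this commit works around the current ordering by handing raw_to_der a 1-byte output buffer, which is a hint that the ordering, not just the check, matters. The body of mbedtls_ecdsa_raw_to_der continues outside the hunk, so the assignment point for the second option is not visible here. The der_to_raw hunk does not share this problem: only `PSA_BITS_TO_BYTES(bits)` is computed before its guard.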
@@ -1,3 +1,12 @@
+# mbedtls_ecdsa_der_to_raw() doesn't accept a null output buffer,
+# even with otherwise invalid paramters,
+# so we pass it a (non-null) buffer of length 1.
+ECDSA Raw -> DER, 0bit
+ecdsa_raw_to_der:0:"":"00":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 0bit
+ecdsa_der_to_raw:0:"":"":MBEDTLS_ERR_ASN1_INVALID_DATA
+
 ECDSA Raw -> DER, 256bit, Success
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0
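Review bot: The comment at the top of the hunk names mbedtls_ecdsa_der_to_raw(), but the case that actually carries the non-null length-1 expected output (`"00"`) is the `ecdsa_raw_to_der` line, while the `ecdsa_der_to_raw` line passes `""` for both input and expected output; assuming the suite sizes the output buffer from the expected-output argument, the comment describes the wrong function and should read `# mbedtls_ecdsa_raw_to_der() doesn't accept a null output buffer,`. The same comment has a typo, `paramters` should be `parameters`. It would also help a reader to state in the comment that both directions are expected to return `MBEDTLS_ERR_ASN1_INVALID_DATA` for bits == 0, so the intent of the two cases is clear without opening the .function file.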