mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-05 00:40:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pre-existing validation extended

Browse Source 
The validation against key width and max key bits is extended to
all key types from the existing validation for only symmetric keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
This commit is contained in:
Archana 2021-08-04 10:47:15 +05:30
parent 4d7ae1d8cf
commit 6ed4bda2c6
No known key found for this signature in database
GPG Key ID: 0F162FC9DB6BE502
2 changed files with 11 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
library/psa_crypto.c
View File

@ -558,15 +558,6 @@ psa_status_t psa_import_key_into_slot(
{ {
*bits = PSA_BYTES_TO_BITS( data_length ); *bits = PSA_BYTES_TO_BITS( data_length );
/* Ensure that the bytes-to-bits conversion hasn't overflown. */
if( data_length > SIZE_MAX / 8 )
return( status );
/* Enforce a size limit, and in particular ensure that the bit
* size fits in its representation type. */
if( ( *bits ) > PSA_MAX_KEY_BITS )
return( status );
status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
@ -1901,6 +1892,10 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
if( data_length == 0 ) if( data_length == 0 )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
/* Ensure that the bytes-to-bits conversion hasn't overflown. */
if( data_length > SIZE_MAX / 8 )
return( PSA_ERROR_NOT_SUPPORTED );
status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes, status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
&slot, &driver ); &slot, &driver );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
@ -1941,6 +1936,13 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
goto exit; goto exit;
} }
/* Enforce a size limit, and in particular ensure that the bit
* size fits in its representation type.*/
if( bits > PSA_MAX_KEY_BITS )
{
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
status = psa_validate_optional_attributes( slot, attributes ); status = psa_validate_optional_attributes( slot, attributes );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;

9
tests/src/drivers/test_driver_key_management.c
View File

@ -271,15 +271,6 @@ psa_status_t mbedtls_test_opaque_import_key(
{ {
*bits = PSA_BYTES_TO_BITS( data_length ); *bits = PSA_BYTES_TO_BITS( data_length );
/* Ensure that the bytes-to-bits conversion hasn't overflown. */
if( data_length > SIZE_MAX / 8 )
goto exit;
/* Enforce a size limit, and in particular ensure that the bit
* size fits in its representation type. */
if( ( *bits ) > PSA_MAX_KEY_BITS )
goto exit;
status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;