From 91dc67d31ca12b1ac2bbfdbfd4a55059713497f9 Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Fri, 22 Jul 2022 14:24:58 +0100
Subject: [PATCH] Allow (NULL, 0) as a representation of 0

- We don't check for NULL pointers this deep in the library
- Accessing a NULL pointer when the limb number is 0 as a mistake is the
  very similar to any other out of bounds access
- We could potentially mandate at least 1 limb representation for 0 but
  we either would need to enforce it or the implementation would be less
  robust.
- Allowing zero limb representation - (NULL, 0) in particular - for zero
  is present in the legacy interface, if we disallow it, the
  compatibility code will need to deal with this (more code size and
  opportunities for mistakes)

In summary, interpreting (NULL, 0) as the number zero in the core
interface is the least of the two evils.

Signed-off-by: Janos Follath <janos.follath@arm.com>
---
 library/bignum_new.c                 | 12 ++++-------
 tests/suites/test_suite_mpi.data     |  3 +++
 tests/suites/test_suite_mpi.function | 31 ++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/library/bignum_new.c b/library/bignum_new.c
index 6cbc8678cf..04f6049233 100644
--- a/library/bignum_new.c
+++ b/library/bignum_new.c
@@ -190,17 +190,13 @@ static int mpi_core_clear( mbedtls_mpi_uint *X,
                            size_t nx,
                            size_t limbs )
 {
-    if( X == NULL )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    else if( nx < limbs )
+    if( nx < limbs )
         return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
 
-    else
-    {
+    if( X != NULL )
         memset( X, 0, nx * ciL );
-        return( 0 );
-    }
+
+    return( 0 );
 }
 
 /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 30447a6a3b..1974e3fc38 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -82,6 +82,9 @@ mpi_read_write_string:16:"":2:"0":4:0:0
 Test mpi_write_string #10 (Negative hex with odd number of digits)
 mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
 
+Test mbedtls_mpi_core_io functions with null pointers
+mbedtls_mpi_core_io_null
+
 Test mbedtls_mpi_core_io_be #1 (Buffer and limbs just fit, input limb-aligned)
 mbedtls_mpi_core_io_be:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":96:12:0:0
 
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 34710c430d..b0d947c9db 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -197,6 +197,37 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void mbedtls_mpi_core_io_null()
+{
+    mbedtls_mpi_uint X = 0;
+    int ret;
+
+    ret = mbedtls_mpi_core_read_be( &X, 1, NULL, 0 );
+    TEST_ASSERT( ret == 0 );
+    ret = mbedtls_mpi_core_write_be( &X, 1, NULL, 0 );
+    TEST_ASSERT( ret == 0 );
+
+    ret = mbedtls_mpi_core_read_be( NULL, 0, NULL, 0 );
+    TEST_ASSERT( ret == 0 );
+    ret = mbedtls_mpi_core_write_be( NULL, 0, NULL, 0 );
+    TEST_ASSERT( ret == 0 );
+
+    ret = mbedtls_mpi_core_read_le( &X, 1, NULL, 0 );
+    TEST_ASSERT( ret == 0 );
+    ret = mbedtls_mpi_core_write_le( &X, 1, NULL, 0 );
+    TEST_ASSERT( ret == 0 );
+
+    ret = mbedtls_mpi_core_read_le( NULL, 0, NULL, 0 );
+    TEST_ASSERT( ret == 0 );
+    ret = mbedtls_mpi_core_write_le( NULL, 0, NULL, 0 );
+    TEST_ASSERT( ret == 0 );
+
+exit:
+    ;
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void mbedtls_mpi_core_io_be( data_t *input, int nb_int, int nx_64_int, int iret,
                              int oret )