mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-04 06:40:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add safety for keys larger than we currently support.

Browse Source 
Prevent buffer overflow with keys whos grp.nbits is greater than
PSA_VENDOR_ECC_MAX_CURVE_BITS.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2023-02-15 18:23:53 +00:00
parent 93d9ca83ea
commit ba70ad4944
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/psa_crypto.c
View File

@ -3577,6 +3577,11 @@ psa_status_t mbedtls_psa_sign_hash_start(
required_hash_length = (hash_length < operation->coordinate_bytes ?
hash_length : operation->coordinate_bytes);
if (required_hash_length > sizeof(operation->hash)) {
/* Shouldn't happen, but better safe than sorry. */
return PSA_ERROR_CORRUPTION_DETECTED;
}
memcpy(operation->hash, hash, required_hash_length);
operation->hash_length = required_hash_length;
@ -3812,6 +3817,11 @@ psa_status_t mbedtls_psa_verify_hash_start(
required_hash_length = (hash_length < coordinate_bytes ? hash_length :
coordinate_bytes);
if (required_hash_length > sizeof(operation->hash)) {
/* Shouldn't happen, but better safe than sorry. */
return PSA_ERROR_CORRUPTION_DETECTED;
}
memcpy(operation->hash, hash, required_hash_length);
operation->hash_length = required_hash_length;