From 0b7e07904e6c325c6cb1a581e1cb3925e792296a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 10:45:15 +0100 Subject: [PATCH 1/2] Forbid empty mpi_core in test data This way static analyzers have a chance of knowing we don't expect the bignum functions to support empty inputs. As things are, Coverity keeps complaining about it. Signed-off-by: Gilles Peskine --- tests/src/helpers.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index b7c83646c1..cc23fd7c4d 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -357,8 +357,12 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, size_t hex_len = strlen( input ); size_t byte_len = ( hex_len + 1 ) / 2; *plimbs = CHARS_TO_LIMBS( byte_len ); + + /* A core bignum is not allowed to be empty. Forbid it as test data, + * this way static analyzers have a chance of knowing we don't expect + * the bignum functions to support empty inputs. */ if( *plimbs == 0 ) - return( 0 ); + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); if( *pX == NULL ) From 95b5addcd63dfccd6ac7470983bbdefa36e9c255 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 11:18:38 +0100 Subject: [PATCH 2/2] Don't test mbedtls_mpi_core_lt_ct with 0 limbs A core MPI must have at least 1 limb. We can no longer test with 0 limbs, and we don't need to anyway, so don't try. Signed-off-by: Gilles Peskine --- library/constant_time_internal.h | 1 + tests/suites/test_suite_bignum_core.misc.data | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 9cc63c2308..1e4a3ab0be 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h 
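Review bot: The new `return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );` fires after `*plimbs` has already been overwritten with 0 and before `*pX` is assigned, so a caller that jumps to its cleanup path sees a zero limb count next to whatever `*pX` held on entry. The function body starts above this hunk, so an earlier check or initialisation of `*pX` may already cover this. If it does not, the function's documentation should state that the outputs are unspecified on failure and that callers must initialise `*pX` to NULL before the call. The comment could also say which input reaches this branch, e.g. `/* Only an empty input string yields 0 limbs; reject it. */`, assuming `CHARS_TO_LIMBS` rounds up.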
@@ -138,6 +138,7 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x, * \param B The right-hand MPI. This must point to an array of limbs * with the same allocated length as \p A. * \param limbs The number of limbs in \p A and \p B. + * This must not be 0. * * \return The result of the comparison: * \c 1 if \p A is less than \p B. diff --git a/tests/suites/test_suite_bignum_core.misc.data b/tests/suites/test_suite_bignum_core.misc.data index 30c767c742..62480e47f7 100644 --- a/tests/suites/test_suite_bignum_core.misc.data +++ b/tests/suites/test_suite_bignum_core.misc.data @@ -167,9 +167,6 @@ mpi_core_lt_ct:"2B5":"2B4":0 mbedtls_mpi_core_lt_ct: xy (63 bit x, y first byte greater) mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"00000000000000FF":0
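Review bot: The added `This must not be 0.` on `\param limbs` states a precondition without saying what happens when it is violated, and nothing visible in this patch enforces it for library callers. Only the test helper rejects empty input. For a constant-time primitive the length has to be validated by the caller beforehand, so the doc comment should say that explicitly, e.g. `The caller must ensure this; behaviour with 0 limbs is not tested.` If the implementation, which is not shown here, does return a defined result for 0 limbs, document that result instead. The doc block continues outside the hunk.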