From 86c5c61a91e08a3b2ed6d8be326f314726b65712 Mon Sep 17 00:00:00 2001 From: Jonas Date: Fri, 8 May 2020 16:57:18 +0900 Subject: [PATCH 1/3] Fix potential memory leak in EC multiplication Signed-off-by: Jonas --- library/ecp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 108695bf5..d48e3e89c 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1134,7 +1134,10 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); if( count++ > 10 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } } while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); @@ -1552,7 +1555,10 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); if( count++ > 10 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } } while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); From 154b470ff38ef16a9a141a16bb899a0fb1f90239 Mon Sep 17 00:00:00 2001 From: Jonas Date: Wed, 13 May 2020 14:22:45 +0900 Subject: [PATCH 2/3] Add test cases to check rng failure Signed-off-by: Jonas --- tests/suites/test_suite_ecp.data | 8 ++++++++ tests/suites/test_suite_ecp.function | 25 +++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index a43e7d75d..8cc57b743 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -330,6 +330,14 @@ ECP test vectors Curve25519 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"057E23EA9F1CBE8A27168F6E696A791DE61DD3AF7ACD4EEACC6E7BA514FDA863":"47DC3D214174820E1154B49BC6CDB2ABD45EE95817055D255AA35831B70D3260":"6EB89DA91989AE37C7EAC7618D9E5C4951DBA1D73C285AE1CD26A855020EEF04":"61450CD98E36016B58776A897A9F0AEF738B99F09468B8D6B8511184D53494AB" +ECP point multiplication rng fail secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_test_mul_rng:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF" + +ECP point multiplication rng fail Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660" + ECP test vectors secp192k1 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD" diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 99780c0de..1c4fb5273 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -157,6 +157,31 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecp_test_mul_rng( int id, char *d_hex ) +{ + mbedtls_ecp_group grp; + mbedtls_mpi d; + mbedtls_ecp_point Q; + + mbedtls_ecp_group_init( &grp ); mbedtls_mpi_init( &d ); + mbedtls_ecp_point_init( &Q ); + + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); + + TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_hex ) == 0 ); + + TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &rnd_zero_rand, NULL ) + == MBEDTLS_ERR_ECP_RANDOM_FAILED ); + +exit: + mbedtls_ecp_group_free( &grp ); mbedtls_mpi_free( &d ); + mbedtls_ecp_point_free( &Q ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecp_fast_mod( int id, char *N_str ) { From 701063be99d292cbb8ba850238763e38007f093f Mon Sep 17 00:00:00 2001 From: Jonas Date: Wed, 13 May 2020 14:22:45 +0900 Subject: [PATCH 3/3] Add Changelog entry for #3318 Signed-off-by: Jonas --- ChangeLog.d/fix-ecp-mul-memory-leak.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-ecp-mul-memory-leak.txt diff --git a/ChangeLog.d/fix-ecp-mul-memory-leak.txt b/ChangeLog.d/fix-ecp-mul-memory-leak.txt new file mode 100644 index 000000000..e82cadc2d --- /dev/null +++ b/ChangeLog.d/fix-ecp-mul-memory-leak.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() + when PRNG function fails. Contributed by Jonas Lejeune in #3318.