Add error checking to mbedtls_ecdsa_signature_to_asn1

Add a wrapper to check for errors during MBEDTLS_ASN1_CHK_ADD Substitute backticks with apostrophes
2025-04-19 12:32:10 +00:00 · 2018-02-14 07:43:37 -05:00 · 2018-02-14 07:43:37 -05:00 · 2353781d9e
parent bba0927586
commit 2353781d9e
2 changed files with 22 additions and 7 deletions
--- a/include/mbedtls/pk_info.h
+++ b/include/mbedtls/pk_info.h
@ -71,7 +71,7 @@ extern "C" {
 * - Keep the mbedtls_pk_info_t structure hidden and declare a function
 *   to call instead of mbedtls_pk_setup. This function should have an
 *   interface of the form
- *    `int mbedtls_pk_setup_myengine(mbedtls_pk_context *, ...)`
+ *    'int mbedtls_pk_setup_myengine(mbedtls_pk_context *, ...)'
 *   where the extra parameters depend on the engine, e.g. handles to keys
 *   stored in an external cryptographic module.
 *
@ -228,9 +228,9 @@ struct mbedtls_pk_info_t
     * type does not match the semantic type of \c prv (RSA, ECC or other),
     * then check_pair_func must return #MBEDTLS_ERR_PK_TYPE_MISMATCH.
     *
-     * If \c pub and \c prv are opaque keys from the same engines (i.e. ``),
-     * then check_pair_func must return 0, `#MBEDTLS_ERR_PK_TYPE_MISMATCH`, or
-     * `#MBEDTLS_ERR_RSA_KEY_CHECK_FAILED` or `#MBEDTLS_ERR_ECP_BAD_INPUT_DATA`
+     * If \c pub and \c prv are opaque keys from the same engines (i.e. ''),
+     * then check_pair_func must return 0, #MBEDTLS_ERR_PK_TYPE_MISMATCH, or
+     * #MBEDTLS_ERR_RSA_KEY_CHECK_FAILED or #MBEDTLS_ERR_ECP_BAD_INPUT_DATA
     * as in the case of transparent keys.
     *
     * If \c pub is an opaque key which is not from the same engine as \c prv,
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@ -287,10 +287,13 @@ cleanup:
 #endif /* MBEDTLS_ECDSA_VERIFY_ALT */

 /*
- * Convert a signature (given by context) to ASN.1
+ * Convert a signature (given by context) to ASN.1.
+ * This function may leave a half-written upon encountering an error, and
+ * is for internal use only.
 */
-int mbedtls_ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
-                             unsigned char *sig, size_t *slen, size_t ssize )
+static int internal_ecdsa_signature_to_asn1( const mbedtls_mpi *r,
+                                      const mbedtls_mpi *s, unsigned char *sig,
+                                      size_t *slen, size_t ssize )
 {
    int ret;
    unsigned char *p = sig + ssize;
@ -310,6 +313,18 @@ int mbedtls_ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
    return( 0 );
 }

+/*
+ * Convert a signature (given by context) to ASN.1, zeroize the buffer on error
+ */
+int mbedtls_ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
+                             unsigned char *sig, size_t *slen, size_t ssize )
+{
+    int ret = internal_ecdsa_signature_to_asn1( r, s, sig, slen, ssize );
+    if( ret != 0 )
+        memset( sig, ssize, 0 );
+    return( ret );
+}
+
 /*
 * Compute and write signature. This function assumes that sig is large enough.
 */