mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-13 13:05:38 +00:00
Guard against PSA generating invalid signature
The goal is not to double-check everything PSA does, but to ensure that it anything goes wrong, we fail cleanly rather than by overwriting a buffer.
This commit is contained in:
parent
f4427678ae
commit
29a1325b0d
|
@ -784,13 +784,18 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
|
||||||
memmove( *p, start, len );
|
memmove( *p, start, len );
|
||||||
|
|
||||||
/* ASN.1 DER encoding requires minimal length, so skip leading 0s.
|
/* ASN.1 DER encoding requires minimal length, so skip leading 0s.
|
||||||
* Neither r nor s can be 0, so we can assume len > 0 at all times. */
|
* Neither r nor s should be 0, but as a failsafe measure, still detect
|
||||||
while( **p == 0x00 )
|
* that rather than overflowing the buffer in case of a PSA error. */
|
||||||
|
while( len > 0 && **p == 0x00 )
|
||||||
{
|
{
|
||||||
++(*p);
|
++(*p);
|
||||||
--len;
|
--len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* this is only reached if the signature was invalid */
|
||||||
|
if( len == 0 )
|
||||||
|
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||||
|
|
||||||
/* if the msb is 1, ASN.1 requires that we prepend a 0.
|
/* if the msb is 1, ASN.1 requires that we prepend a 0.
|
||||||
* Neither r nor s can be 0, so we can assume len > 0 at all times. */
|
* Neither r nor s can be 0, so we can assume len > 0 at all times. */
|
||||||
if( **p & 0x80 )
|
if( **p & 0x80 )
|
||||||
|
|
Loading…
Reference in a new issue