Simplify mbedtls_debug_print_mpi and fix the case of empty bignums

Rewrite mbedtls_debug_print_mpi to be simpler and smaller. Leverage
mbedtls_mpi_bitlen() instead of manually looking for the leading
zeros.

Fix #4608: the old code made an invalid memory dereference when
X->n==0 (freshly initialized bignum with the value 0).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-06-02 20:17:46 +02:00
parent fba257d391
commit 2ee0bb333c
2 changed files with 34 additions and 41 deletions

View file

@ -0,0 +1,5 @@
Bugfix
* Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
could notably be triggered by setting the TLS debug level to 3 or above
and using a Montgomery curve for the key exchange. Reported by lhuang04
in #4578. Fixes #4608.

View file

@ -220,8 +220,8 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
const char *text, const mbedtls_mpi *X ) const char *text, const mbedtls_mpi *X )
{ {
char str[DEBUG_BUF_SIZE]; char str[DEBUG_BUF_SIZE];
int j, k, zeros = 1; size_t bitlen;
size_t i, n, idx = 0; size_t idx = 0;
if( NULL == ssl || if( NULL == ssl ||
NULL == ssl->conf || NULL == ssl->conf ||
@ -232,55 +232,43 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
return; return;
} }
for( n = X->n - 1; n > 0; n-- ) bitlen = mbedtls_mpi_bitlen( X );
if( X->p[n] != 0 )
break;
for( j = ( sizeof(mbedtls_mpi_uint) << 3 ) - 1; j >= 0; j-- )
if( ( ( X->p[n] >> j ) & 1 ) != 0 )
break;
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
mbedtls_snprintf( str, sizeof( str ), "value of '%s' (%u bits) is:\n",
text, (unsigned) bitlen );
debug_send_line( ssl, level, file, line, str ); debug_send_line( ssl, level, file, line, str );
idx = 0; if( bitlen == 0 )
for( i = n + 1, j = 0; i > 0; i-- )
{ {
if( zeros && X->p[i - 1] == 0 ) str[0] = ' '; str[1] = '0'; str[2] = '0';
continue; idx = 3;
}
for( k = sizeof( mbedtls_mpi_uint ) - 1; k >= 0; k-- ) else
{
int n;
for( n = ( bitlen - 1 ) / 8; n >= 0; n-- )
{ {
if( zeros && ( ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ) == 0 ) size_t limb_offset = n / sizeof( mbedtls_mpi_uint );
continue; size_t offset_in_limb = n % sizeof( mbedtls_mpi_uint );
else unsigned char octet =
zeros = 0; ( X->p[limb_offset] >> ( offset_in_limb * 8 ) ) & 0xff;
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", octet );
if( j % 16 == 0 ) idx += 3;
/* Wrap lines after 16 octets that each take 3 columns */
if( idx >= 3 * 16 )
{ {
if( j > 0 ) mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
{ debug_send_line( ssl, level, file, line, str );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" ); idx = 0;
debug_send_line( ssl, level, file, line, str );
idx = 0;
}
} }
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", (unsigned int)
( X->p[i - 1] >> ( k << 3 ) ) & 0xFF );
j++;
} }
} }
if( zeros == 1 ) if( idx != 0 )
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" ); {
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" ); debug_send_line( ssl, level, file, line, str );
debug_send_line( ssl, level, file, line, str ); }
} }
#endif /* MBEDTLS_BIGNUM_C */ #endif /* MBEDTLS_BIGNUM_C */