mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 20:35:40 +00:00
Introduce additional buffer size checks to pk.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
parent
7e6075b7fd
commit
a798e5d5cc
14
library/pk.c
14
library/pk.c
|
@ -548,6 +548,7 @@ static size_t uecc_eckey_get_bitlen( const void *ctx )
|
||||||
return( (size_t) ( NUM_ECC_BYTES * 8 ) );
|
return( (size_t) ( NUM_ECC_BYTES * 8 ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* This function compares public keys of two keypairs */
|
||||||
static int uecc_eckey_check_pair( const void *pub, const void *prv )
|
static int uecc_eckey_check_pair( const void *pub, const void *prv )
|
||||||
{
|
{
|
||||||
const mbedtls_uecc_keypair *uecc_pub =
|
const mbedtls_uecc_keypair *uecc_pub =
|
||||||
|
@ -621,13 +622,12 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||||
static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
|
static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
|
||||||
size_t n_len )
|
size_t n_len )
|
||||||
{
|
{
|
||||||
size_t len = 0;
|
size_t len = n_len;
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
|
||||||
if( (size_t)( *p - start ) < n_len )
|
if( (size_t)( *p - start ) < len )
|
||||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||||
|
|
||||||
len = n_len;
|
|
||||||
*p -= len;
|
*p -= len;
|
||||||
ret = mbedtls_platform_memmove( *p, start, len );
|
ret = mbedtls_platform_memmove( *p, start, len );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
|
@ -659,6 +659,9 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
|
||||||
len += 1;
|
len += 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ( *p - start ) < 2 )
|
||||||
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||||
|
|
||||||
/* The ASN.1 length encoding is just a single Byte containing the length,
|
/* The ASN.1 length encoding is just a single Byte containing the length,
|
||||||
* as we assume that the total buffer length is smaller than 128 Bytes. */
|
* as we assume that the total buffer length is smaller than 128 Bytes. */
|
||||||
*--(*p) = len;
|
*--(*p) = len;
|
||||||
|
@ -674,7 +677,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
|
||||||
*
|
*
|
||||||
* [in/out] sig: the signature pre- and post-transcoding
|
* [in/out] sig: the signature pre- and post-transcoding
|
||||||
* [in/out] sig_len: signature length pre- and post-transcoding
|
* [in/out] sig_len: signature length pre- and post-transcoding
|
||||||
* [int] buf_len: the available size the in/out buffer
|
* [in] buf_len: the available size the in/out buffer
|
||||||
*
|
*
|
||||||
* Warning: buf_len must be smaller than 128 Bytes.
|
* Warning: buf_len must be smaller than 128 Bytes.
|
||||||
*/
|
*/
|
||||||
|
@ -689,6 +692,9 @@ static int pk_ecdsa_sig_asn1_from_uecc( unsigned char *sig, size_t *sig_len,
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
|
||||||
|
|
||||||
|
if( p - sig < 2 )
|
||||||
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||||
|
|
||||||
/* The ASN.1 length encoding is just a single Byte containing the length,
|
/* The ASN.1 length encoding is just a single Byte containing the length,
|
||||||
* as we assume that the total buffer length is smaller than 128 Bytes. */
|
* as we assume that the total buffer length is smaller than 128 Bytes. */
|
||||||
*--p = len;
|
*--p = len;
|
||||||
|
|
Loading…
Reference in a new issue