Merge remote-tracking branch 'public/pr/2142' into development

2024-10-18 12:21:04 +00:00 · 2018-10-27 18:30:08 +01:00 · 2018-10-27 18:30:08 +01:00 · da095619bb
parent ddc9e26b3b b10c66073f
commit da095619bb
2 changed files with 12 additions and 3 deletions
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@ -233,7 +233,9 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
                              unsigned ops );

 /* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET( ops )   MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, ops ) );
+#define MBEDTLS_ECP_BUDGET( ops )   \
+    MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
+                                               (unsigned) (ops) ) );

 #else /* MBEDTLS_ECP_RESTARTABLE */

--- a/library/ecp.c
+++ b/library/ecp.c
@ -248,9 +248,16 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
        else if( grp->pbits >= 384 )
            ops *= 2;

-        /* avoid infinite loops: always allow first step */
-        if( rs_ctx->ops_done != 0 && rs_ctx->ops_done + ops > ecp_max_ops )
+        /* Avoid infinite loops: always allow first step.
+         * Because of that, however, it's not generally true
+         * that ops_done <= ecp_max_ops, so the check
+         * ops_done > ecp_max_ops below is mandatory. */
+        if( ( rs_ctx->ops_done != 0 ) &&
+            ( rs_ctx->ops_done > ecp_max_ops ||
+              ops > ecp_max_ops - rs_ctx->ops_done ) )
+        {
            return( MBEDTLS_ERR_ECP_IN_PROGRESS );
+        }

        /* update running count */
        rs_ctx->ops_done += ops;