mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-11 22:24:19 +01:00
Fail the build if MBEDTLS_ECP_MAX_BITS is not large enough
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
8639048631
commit
6dba3200d4
4
ChangeLog.d/ecp_max_bits.txt
Normal file
4
ChangeLog.d/ecp_max_bits.txt
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
Security
|
||||||
|
* It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
|
||||||
|
too small, leading to buffer overflows in ECC operations. Fail the build
|
||||||
|
in such a case.
|
@ -171,6 +171,40 @@ typedef struct mbedtls_ecp_point
|
|||||||
}
|
}
|
||||||
mbedtls_ecp_point;
|
mbedtls_ecp_point;
|
||||||
|
|
||||||
|
/* Determine the minimum safe value of MBEDTLS_ECP_MAX_BITS. */
|
||||||
|
#if !defined(MBEDTLS_ECP_C)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 0
|
||||||
|
/* Note: the curves must be listed in DECREASING size! */
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 521
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 512
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 448
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 384
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 384
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 256
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 256
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 256
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 255
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 225 // n is slightly above 2^224
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 224
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 192
|
||||||
|
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||||
|
#define MBEDTLS_ECP_MAX_BITS_MIN 192
|
||||||
|
#else
|
||||||
|
#error "MBEDTLS_ECP_C enabled, but no curve?"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if !defined(MBEDTLS_ECP_ALT)
|
#if !defined(MBEDTLS_ECP_ALT)
|
||||||
/*
|
/*
|
||||||
* default mbed TLS elliptic curve arithmetic implementation
|
* default mbed TLS elliptic curve arithmetic implementation
|
||||||
@ -245,7 +279,13 @@ mbedtls_ecp_group;
|
|||||||
* \{
|
* \{
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if !defined(MBEDTLS_ECP_MAX_BITS)
|
#if defined(MBEDTLS_ECP_MAX_BITS)
|
||||||
|
|
||||||
|
#if MBEDTLS_ECP_MAX_BITS < MBEDTLS_ECP_MAX_BITS_MIN
|
||||||
|
#error "MBEDTLS_ECP_MAX_BITS is smaller than the largest supported curve"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#else
|
||||||
/**
|
/**
|
||||||
* The maximum size of the groups, that is, of \c N and \c P.
|
* The maximum size of the groups, that is, of \c N and \c P.
|
||||||
*/
|
*/
|
||||||
|
Loading…
Reference in New Issue
Block a user