Fail the build if MBEDTLS_ECP_MAX_BITS is not large enough

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-06-02 23:21:07 +02:00
parent 8639048631
commit 6dba3200d4
2 changed files with 45 additions and 1 deletions

View File

@ -0,0 +1,4 @@
Security
* It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
too small, leading to buffer overflows in ECC operations. Fail the build
in such a case.

View File

@ -171,6 +171,40 @@ typedef struct mbedtls_ecp_point
} }
mbedtls_ecp_point; mbedtls_ecp_point;
/* Determine the minimum safe value of MBEDTLS_ECP_MAX_BITS. */
#if !defined(MBEDTLS_ECP_C)
#define MBEDTLS_ECP_MAX_BITS_MIN 0
/* Note: the curves must be listed in DECREASING size! */
#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 521
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 512
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 448
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 384
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 384
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 256
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 256
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 256
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 255
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 225 // n is slightly above 2^224
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 224
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 192
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define MBEDTLS_ECP_MAX_BITS_MIN 192
#else
#error "MBEDTLS_ECP_C enabled, but no curve?"
#endif
#if !defined(MBEDTLS_ECP_ALT) #if !defined(MBEDTLS_ECP_ALT)
/* /*
* default mbed TLS elliptic curve arithmetic implementation * default mbed TLS elliptic curve arithmetic implementation
@ -245,7 +279,13 @@ mbedtls_ecp_group;
* \{ * \{
*/ */
#if !defined(MBEDTLS_ECP_MAX_BITS) #if defined(MBEDTLS_ECP_MAX_BITS)
#if MBEDTLS_ECP_MAX_BITS < MBEDTLS_ECP_MAX_BITS_MIN
#error "MBEDTLS_ECP_MAX_BITS is smaller than the largest supported curve"
#endif
#else
/** /**
* The maximum size of the groups, that is, of \c N and \c P. * The maximum size of the groups, that is, of \c N and \c P.
*/ */