Merge pull request #3513 from gilles-peskine-arm/ecp-bignum-error-checks-2.16

Backport 2.16: add missing some error checks in ECP and bignum
This commit is contained in:
Gilles Peskine 2020-12-07 13:06:42 +01:00 committed by GitHub
commit 8ed9ac85e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 43 additions and 39 deletions

View File

@ -0,0 +1,5 @@
Bugfix
* Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
(an error condition) and the second operand was aliased to the result.
* Fix a case in elliptic curve arithmetic where an out-of-memory condition
could go undetected, resulting in an incorrect result.

View File

@ -1364,7 +1364,10 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
/* If we ran out of space for the carry, it means that the result /* If we ran out of space for the carry, it means that the result
* is negative. */ * is negative. */
if( n == X->n ) if( n == X->n )
return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); {
ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
goto cleanup;
}
--X->p[n]; --X->p[n];
} }

View File

@ -1044,7 +1044,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
STORE32; i++; \ STORE32; i++; \
cur = c > 0 ? c : 0; STORE32; \ cur = c > 0 ? c : 0; STORE32; \
cur = 0; while( ++i < MAX32 ) { STORE32; } \ cur = 0; while( ++i < MAX32 ) { STORE32; } \
if( c < 0 ) fix_negative( N, c, &C, bits ); if( c < 0 ) MBEDTLS_MPI_CHK( fix_negative( N, c, &C, bits ) );
/* /*
* If the result is negative, we get it in the form * If the result is negative, we get it in the form

View File

@ -433,12 +433,6 @@ mbedtls_mpi_add_abs:10:"-12345678":10:"-642531":10:"12988209"
Test mbedtls_mpi_add_abs #1 Test mbedtls_mpi_add_abs #1
mbedtls_mpi_add_abs:10:"-643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"56125680981752282333498088313568935051383833838594899821664631784577337171193624243181360054669678410455329112434552942717084003541384594864129940145043086760031292483340068923506115878221189886491132772739661669044958531131327771":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924" mbedtls_mpi_add_abs:10:"-643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"56125680981752282333498088313568935051383833838594899821664631784577337171193624243181360054669678410455329112434552942717084003541384594864129940145043086760031292483340068923506115878221189886491132772739661669044958531131327771":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
Test mbedtls_mpi_add_abs #2 (add to first value)
mpi_add_abs_add_first:10:"123123":10:"123123":10:"246246"
Test mbedtls_mpi_add_abs #3 (add to second value)
mpi_add_abs_add_second:10:"123123":10:"123123":10:"246246"
Regression mbedtls_mpi_add_abs (add small to very large MPI with carry rollover) Regression mbedtls_mpi_add_abs (add small to very large MPI with carry rollover)
mbedtls_mpi_add_abs:16:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":16:"08":16:"1000000000000000000000000000000" mbedtls_mpi_add_abs:16:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":16:"08":16:"1000000000000000000000000000000"

View File

@ -777,6 +777,15 @@ void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y,
TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit: exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
} }
@ -822,44 +831,17 @@ void mbedtls_mpi_add_abs( int radix_X, char * input_X, int radix_Y,
TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit: /* result == first operand */
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_add_abs_add_first( int radix_X, char * input_X, int radix_Y,
char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_add_abs_add_second( int radix_X, char * input_X, int radix_Y,
char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); /* result == second operand */
TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit: exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
} }
/* END_CASE */ /* END_CASE */
@ -893,6 +875,15 @@ void mbedtls_mpi_sub_mpi( int radix_X, char * input_X, int radix_Y,
TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit: exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
} }
@ -916,6 +907,17 @@ void mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y,
if( res == 0 ) if( res == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result );
if( sub_result == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result );
if( sub_result == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit: exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
} }