From ad59a2a4a737ee8d1476015b14d4dcada12fc36b Mon Sep 17 00:00:00 2001
From: Chris Jones <christopher.jones@arm.com>
Date: Wed, 25 Nov 2020 15:12:39 +0000
Subject: [PATCH] Fix potential DoS by limiting number sizes in exponentiation

Check that the exponent and modulus is below `MBEDTLS_MPI_MAX_BITS` before
performing a time expensive operation (modular exponentiation). This prevents
a potential DoS from Diffie-Hellman computations with extremely
large key sizes.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
---
 library/bignum.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/bignum.c b/library/bignum.c
index dfe976d64..a9d51944e 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2058,6 +2058,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
     if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
+    if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
+        mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
+        return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
     /*
      * Init temps and window size
      */