mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 00:15:37 +01:00
Detect unsigned integer overflow in mbedtls_ecp_check_budget()
This commit modifies a bounds check in `mbedtls_ecp_check_budget()` to be correct even if the requested number of ECC operations would overflow the operation counter.
This commit is contained in:
parent
abdf67ee9f
commit
b10c66073f
@ -248,9 +248,16 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
|
||||
else if( grp->pbits >= 384 )
|
||||
ops *= 2;
|
||||
|
||||
/* avoid infinite loops: always allow first step */
|
||||
if( rs_ctx->ops_done != 0 && rs_ctx->ops_done + ops > ecp_max_ops )
|
||||
/* Avoid infinite loops: always allow first step.
|
||||
* Because of that, however, it's not generally true
|
||||
* that ops_done <= ecp_max_ops, so the check
|
||||
* ops_done > ecp_max_ops below is mandatory. */
|
||||
if( ( rs_ctx->ops_done != 0 ) &&
|
||||
( rs_ctx->ops_done > ecp_max_ops ||
|
||||
ops > ecp_max_ops - rs_ctx->ops_done ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_ECP_IN_PROGRESS );
|
||||
}
|
||||
|
||||
/* update running count */
|
||||
rs_ctx->ops_done += ops;
|
||||
|
Loading…
Reference in New Issue
Block a user