Detect unsigned integer overflow in mbedtls_ecp_check_budget()

This commit modifies a bounds check in `mbedtls_ecp_check_budget()` to
be correct even if the requested number of ECC operations would overflow
the operation counter.
Hanno Becker 2018-10-26 13:50:13 +01:00
parent abdf67ee9f
commit b10c66073f


@ -248,9 +248,16 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
else if( grp->pbits >= 384 ) else if( grp->pbits >= 384 )
ops *= 2; ops *= 2;
/* avoid infinite loops: always allow first step */ /* Avoid infinite loops: always allow first step.
if( rs_ctx->ops_done != 0 && rs_ctx->ops_done + ops > ecp_max_ops ) * Because of that, however, it's not generally true
* that ops_done <= ecp_max_ops, so the check
* ops_done > ecp_max_ops below is mandatory. */
if( ( rs_ctx->ops_done != 0 ) &&
( rs_ctx->ops_done > ecp_max_ops ||
ops > ecp_max_ops - rs_ctx->ops_done ) )
{
return( MBEDTLS_ERR_ECP_IN_PROGRESS ); return( MBEDTLS_ERR_ECP_IN_PROGRESS );
}
/* update running count */ /* update running count */
rs_ctx->ops_done += ops; rs_ctx->ops_done += ops;
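Review bot: The scaling step `ops *= 2;` at the top of the hunk still runs before the new overflow-safe comparison, so a very large `ops` could wrap there and reach the budget check as a small value. The rewritten condition protects only the `ops_done + ops` sum, not the multiplication that feeds it. If `ops` is an unsigned int, as the commit title suggests, a saturating form such as `ops = ( ops > UINT_MAX / 2 ) ? UINT_MAX : ops * 2;` would close the gap. If callers only ever pass small constants, a comment stating that would do instead, e.g. `/* ops is a small per-call constant, so the scaling above cannot wrap */`. The function's signature and its other scaling branches are outside this hunk, so any sibling multiplication there needs the same treatment.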