Fix bug whereby 0 was written as 0200 rather than 020100

0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-06-10 20:13:33 +02:00
parent c9a30fba74
commit 321a08944b
3 changed files with 12 additions and 2 deletions

View file

@ -0,0 +1,2 @@
Bugfix
* Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.

View file

@ -133,6 +133,11 @@ int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start, const
//
len = mbedtls_mpi_size( X );
/* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not
* as 0 digits. We need to end up with 020100, not with 0200. */
if( len == 0 )
len = 1;
if( *p < start || (size_t)( *p - start ) < len )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );

View file

@ -91,8 +91,11 @@ mbedtls_asn1_write_enum:0x12345678:"0A0412345678"
ASN.1 Write enum 2147483647
mbedtls_asn1_write_enum:0x7fffffff:"0A047fffffff"
#ASN.1 Write mpi 0
#mbedtls_asn1_write_mpi:"00":"020100"
ASN.1 Write mpi 0 (null)
mbedtls_asn1_write_mpi:"":"020100"
ASN.1 Write mpi 0 (1 limb)
mbedtls_asn1_write_mpi:"00":"020100"
ASN.1 Write mpi 1
mbedtls_asn1_write_mpi:"01":"020101"