From e2caf4161ba96e3e22276707f9e43cdf68caf621 Mon Sep 17 00:00:00 2001 From: Chien Wong Date: Tue, 1 Aug 2023 21:38:46 +0800 Subject: [PATCH 1/3] Fix a few unchecked value issue Signed-off-by: Chien Wong --- library/bignum.c | 4 ++-- library/ecdsa.c | 4 ++-- library/rsa_alt_helpers.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index d559c9e76..7661dd3ae 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1706,7 +1706,7 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, */ const size_t x_index = 0; mbedtls_mpi_init(&W[x_index]); - mbedtls_mpi_copy(&W[x_index], X); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[x_index], X)); j = N->n + 1; /* All W[i] and X must have at least N->n limbs for the mpi_montmul() @@ -1893,7 +1893,7 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, /* * Load the result in the output variable. */ - mbedtls_mpi_copy(X, &W[x_index]); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &W[x_index])); cleanup: diff --git a/library/ecdsa.c b/library/ecdsa.c index 1faec1639..6e55f2205 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -373,7 +373,7 @@ modn: #if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && rs_ctx->sig != NULL) { - mbedtls_mpi_copy(r, pr); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(r, pr)); } #endif @@ -447,7 +447,7 @@ int mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len)); MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen)); MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len)); - mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len); + MBEDTLS_MPI_CHK(mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len)); #if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && rs_ctx->det != NULL) { diff --git a/library/rsa_alt_helpers.c b/library/rsa_alt_helpers.c index 3451469b9..5cc4636e4 100644 --- a/library/rsa_alt_helpers.c +++ b/library/rsa_alt_helpers.c 
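Review bot: In the `@@ -1893` hunk of library/bignum.c the newly checked `mbedtls_mpi_copy(X, &W[x_index])` sits directly before `cleanup:`, so a failed copy now returns an error with `X` in a state nothing documents. A short comment at the call would help, for example `/* On failure X does not hold the result; callers must check ret. */`. The ChangeLog entry added in patch 3/3 names `mbedtls_mpi_mod_exp`, while the function in this hunk header is `mbedtls_mpi_exp_mod`; the entry should use the real name so users can find the affected API. The function body starts and ends outside the hunk.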
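Review bot: The check added on `mbedtls_hmac_drbg_seed_buf` in the `@@ -447` hunk of library/ecdsa.c should carry a comment saying why a seeding failure must abort the signature. In `mbedtls_ecdsa_sign_det_restartable` this DRBG produces the deterministic nonce, and an unseeded instance would not be bound to `d` and the message hash. Something like `/* Abort on seeding failure: the nonce must be derived from d and the hash. */` would do. The new error exit jumps to `cleanup` after `mbedtls_mpi_write_binary(d, data, grp_len)` has already copied `d` into `data`; the cleanup code is outside the hunk, so confirm that it wipes `data` (for example with `mbedtls_platform_zeroize`) on this path too.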
@@ -126,7 +126,7 @@ int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, } for (; attempt < num_primes; ++attempt) { - mbedtls_mpi_lset(&K, primes[attempt]); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&K, primes[attempt])); /* Check if gcd(K,N) = 1 */ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N)); From 2e3858f5eb001cdc4d42980103e4af732c8742ed Mon Sep 17 00:00:00 2001 From: Chien Wong Date: Fri, 11 Aug 2023 18:16:06 +0800 Subject: [PATCH 2/3] Undo a change Signed-off-by: Chien Wong --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 7661dd3ae..9c686ad27 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1706,7 +1706,7 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, */ const size_t x_index = 0; mbedtls_mpi_init(&W[x_index]); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[x_index], X)); + mbedtls_mpi_copy(&W[x_index], X); j = N->n + 1; /* All W[i] and X must have at least N->n limbs for the mpi_montmul() From a4c477becd0d0e7c8b1c0454335290884399f9e2 Mon Sep 17 00:00:00 2001 From: Chien Wong Date: Fri, 11 Aug 2023 18:19:15 +0800 Subject: [PATCH 3/3] Add changelog entry Signed-off-by: Chien Wong --- ChangeLog.d/fix-a-few-unchecked-return.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-a-few-unchecked-return.txt diff --git a/ChangeLog.d/fix-a-few-unchecked-return.txt b/ChangeLog.d/fix-a-few-unchecked-return.txt new file mode 100644 index 000000000..aadde3631 --- /dev/null +++ b/ChangeLog.d/fix-a-few-unchecked-return.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA + signature can silently return an incorrect result in low memory conditions.
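Review bot: Patch 2/3 restores the bare `mbedtls_mpi_copy(&W[x_index], X);` in `mbedtls_mpi_exp_mod` without stating why its return value may be ignored, and the subject "Undo a change" gives no rationale either. If ignoring the result is deliberate, make that explicit at the call site, e.g. `(void) mbedtls_mpi_copy(&W[x_index], X); /* failure tolerated: <reason> */` with the actual reason filled in. Otherwise the next unchecked-return sweep will flag the line again, and the ChangeLog claim about exp_mod covers only the final copy. The function body continues outside the hunk, so it cannot be confirmed from here whether a later checked call catches the same allocation failure.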