TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 301a9ee583ed59275f2ce0f47bc9f986ca75ae76^! / . / library / ecp.c
commit301a9ee583ed59275f2ce0f47bc9f986ca75ae76[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Wed Jun 17 10:12:43 2020 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Wed Jun 17 10:12:43 2020 +0200
treeb45ec8a5dd39a52b4d49ea2fa17e8dfdb8b7c494
parent72177e362b4298bf9349861c430dd6d44c1a5ebb [diff] [blame]
Fix potential memory overread in seed functions

The previous commit introduced a potential memory overread by reading
secret_len bytes from secret->p, while the is no guarantee that secret has
enough limbs for that.

Fix that by using an intermediate buffer and mpi_write_binary().

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

diff --git a/library/ecp.c b/library/ecp.c
index b8ad935..91fbe3b 100644
--- a/library/ecp.c
+++ b/library/ecp.c

@@ -180,13 +180,21 @@
 static int ecp_drbg_seed( ecp_drbg_context *ctx,
                    const mbedtls_mpi *secret, size_t secret_len )
 {
-    const unsigned char *secret_p = (const unsigned char *) secret->p;
-
+    int ret;
+    unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
     /* The list starts with strong hashes */
     const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
     const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
 
-    return( mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_p, secret_len ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
+                                               secret_bytes, secret_len ) );
+
+    ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len );
+
+cleanup:
+    mbedtls_platform_zeroize( secret_bytes, secret_len );
+
+    return( ret );
 }
 
 #elif defined(MBEDTLS_CTR_DRBG_C)
@@ -231,10 +239,19 @@
 static int ecp_drbg_seed( ecp_drbg_context *ctx,
                    const mbedtls_mpi *secret, size_t secret_len )
 {
-    const unsigned char *secret_p = (const unsigned char *) secret->p;
+    int ret;
+    unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
 
-    return( mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL,
-                                   secret_p, secret_len ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
+                                               secret_bytes, secret_len ) );
+
+    ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL,
+                                 secret_bytes, secret_len );
+
+cleanup:
+    mbedtls_platform_zeroize( secret_bytes, secret_len );
+
+    return( ret );
 }
 
 #elif defined(MBEDTLS_SHA512_C) || \