Fix potential DoS by limiting number sizes in exponentiation Check that the exponent and modulus is below `MBEDTLS_MPI_MAX_BITS` before performing a time expensive operation (modular exponentiation). This prevents a potential DoS from Diffie-Hellman computations with extremely large key sizes. Signed-off-by: Chris Jones <christopher.jones@arm.com>

commit: 8b1f65ea00d2cb444f63bf436ebee917ef7ee87a [log] [tgz]
author: Chris Jones <christopher.jones@arm.com> Wed Nov 25 15:12:39 2020 +0000
committer: Chris Jones <christopher.jones@arm.com> Thu Dec 03 16:56:50 2020 +0000
tree: c0c47c8a0cccf15a416f56a91f7c24525ba946a3
parent: 4685d501e83eed98e51179bfff266880d7995960 [diff]
diff --git a/library/bignum.c b/library/bignum.c
index 3135ec4..ba4bb83 100644
--- a/library/bignum.c
+++ b/library/bignum.c

@@ -1859,6 +1859,10 @@
     if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
+    if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
+        mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
+        return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
     /*
      * Init temps and window size
      */
commit	8b1f65ea00d2cb444f63bf436ebee917ef7ee87a	[log] [tgz]
author	Chris Jones <christopher.jones@arm.com>	Wed Nov 25 15:12:39 2020 +0000
committer	Chris Jones <christopher.jones@arm.com>	Thu Dec 03 16:56:50 2020 +0000
tree	c0c47c8a0cccf15a416f56a91f7c24525ba946a3
parent	4685d501e83eed98e51179bfff266880d7995960 [diff]