TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9b9b5a52d95c476a66e441706a38e98631c6990e^! / .
commit9b9b5a52d95c476a66e441706a38e98631c6990e[log] [tgz]
authorValerio Setti <valerio.setti@nordicsemi.no>Mon Jan 29 16:53:03 2024 +0100
committerValerio Setti <valerio.setti@nordicsemi.no>Mon Jan 29 17:25:19 2024 +0100
treeb363656b83d22f3ae032a378db49bb3837ebdaa1
parentf8ce457fb606309c87ba5c2595eeb9d5a9ce6cf2 [diff]
psa_util: some code improvement to convert_der_to_raw_single_int()

This commit also fixes test_suite_psa_crypto_util.data due to the
change in one of the return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

diff --git a/library/psa_util.c b/library/psa_util.c
index 9e21602..0349873 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c

@@ -494,7 +494,7 @@
     }
 
     /* Skip possible leading zero */
-    if (*p == 0x00) {
+    if ((*p == 0x00) && (unpadded_len > 0)) {
         p++;
         unpadded_len--;
         /* It should never happen that the input number is all zeros. */
@@ -503,9 +503,13 @@
         }
     }
 
-    if (unpadded_len < coordinate_size) {
+    if (unpadded_len > coordinate_size) {
+        /* Parsed number is longer than the maximum expected value. */
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    } else {
         padding_len = coordinate_size - unpadded_len;
-        memset(raw, 0x00, padding_len);
+        /* raw buffer was already zeroed in mbedtls_ecdsa_der_to_raw() so
+         * zero-padding operation is skipped here. */
     }
     memcpy(raw + padding_len, p, unpadded_len);
     p += unpadded_len;

diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index 45a3cb5..40f6391 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data

@@ -52,7 +52,7 @@
 
 ECDSA DER -> Raw, 256bit, Wrong r integer length (too large)
 depends_on:PSA_WANT_ECC_SECP_K1_256
-ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
 
 ECDSA DER -> Raw, 256bit, Wrong s integer length (too small)
 depends_on:PSA_WANT_ECC_SECP_K1_256