From 0118a1d7126e4f52bf7573507adffbb4c2cf0417 Mon Sep 17 00:00:00 2001
From: Chien Wong
Date: Tue, 1 Aug 2023 21:38:46 +0800
Subject: [PATCH] Fix a few unchecked return values
Signed-off-by: Chien Wong
---
 ChangeLog.d/fix-a-few-unchecked-return.txt | 3 +++
 library/bignum.c | 2 +-
 library/ecdsa.c | 4 ++--
 library/rsa_internal.c | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)
 create mode 100644 ChangeLog.d/fix-a-few-unchecked-return.txt
diff --git a/ChangeLog.d/fix-a-few-unchecked-return.txt b/ChangeLog.d/fix-a-few-unchecked-return.txt
new file mode 100644
index 0000000000..aadde36315
--- /dev/null
+++ b/ChangeLog.d/fix-a-few-unchecked-return.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
+ signature can silently return an incorrect result in low memory conditions.
diff --git a/library/bignum.c b/library/bignum.c
index 5dca3a9177..67add492f3 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2328,7 +2328,7 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
 /*
 * Load the result in the output variable.
 */
- mbedtls_mpi_copy(X, &W[x_index]);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &W[x_index]));
 cleanup:
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 1f0b37dfd4..3ede933b49 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -366,7 +366,7 @@ modn:
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 if (rs_ctx != NULL && rs_ctx->sig != NULL) {
- mbedtls_mpi_copy(r, pr);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(r, pr));
 }
 #endif
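Review bot: The ChangeLog entry added by this patch names `mbedtls_mpi_mod_exp`, but the function patched in the library/bignum.c hunk is `mbedtls_mpi_exp_mod` (see that hunk's header), so a user searching the changelog for the affected API will not find this fix. The entry line should read `* Fix some cases where mbedtls_mpi_exp_mod, RSA key construction or ECDSA`. The body of mbedtls_mpi_exp_mod starts and ends outside the hunk.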
@@ -457,7 +457,7 @@ static int ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
 MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len));
 MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen));
 MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len));
- mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
+ MBEDTLS_MPI_CHK(mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len));
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 if (rs_ctx != NULL && rs_ctx->det != NULL) {
diff --git a/library/rsa_internal.c b/library/rsa_internal.c
index 2ff51c34b7..41ceff06c0 100644
--- a/library/rsa_internal.c
+++ b/library/rsa_internal.c
@@ -126,7 +126,7 @@ int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N,
 }
 for (; attempt < num_primes; ++attempt) {
- mbedtls_mpi_lset(&K, primes[attempt]);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&K, primes[attempt]));
 /* Check if gcd(K,N) = 1 */
 MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
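Review bot: In the library/ecdsa.c hunk at -457, the new `MBEDTLS_MPI_CHK` around `mbedtls_hmac_drbg_seed_buf` adds one more early exit taken while `data` still holds the bytes written from `d` by `mbedtls_mpi_write_binary(d, data, grp_len)`, and `d` is presumably the private key in this signing function. The `cleanup:` label is outside the hunk, so it is not visible whether that buffer is wiped before returning. If it is not, add `mbedtls_platform_zeroize(data, sizeof(data));` under `cleanup:` (assuming `data` is a local array) so that the error paths and the success path all clear it. The body of ecdsa_sign_det_restartable starts and ends outside the hunk.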