mbedtls_ecp_write_key: document and test smaller output buffer

Document and test the current behavior, even if it is weird: * For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL, not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL. * For Weierstrass keys, a smaller output buffer is ok if the output fits. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-29 11:41:15 +03:00 · 2024-02-19 13:49:45 +01:00
parent a395bdd066
commit 1c7ff7ea53
3 changed files with 118 additions and 12 deletions
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@ -1331,8 +1331,8 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 * \brief           This function exports an elliptic curve private key.
 *
 * \note            Note that although this function accepts an output
- *                  buffer that is larger than the key, most key import
- *                  interfaces require the output to be trimmed to the
+ *                  buffer that is smaller or larger than the key, most key
+ *                  import interfaces require the output to have exactly
 *                  key's nominal length. It is generally simplest to
 *                  pass the key's nominal length as \c buflen, after
 *                  checking that the output buffer is large enough.
@ -1349,13 +1349,18 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 *                  representation (which is little-endian), padded with
 *                  null bytes at the end to reach \p buflen bytes.
 * \param buflen    The total length of the buffer in bytes.
- *                  The length of the output is always
+ *                  The length of the output is
 *                  (`grp->nbits` + 7) / 8 bytes
 *                  where `grp->nbits` is the private key size in bits.
+ *                  For Weierstrass keys, if the output buffer is smaller,
+ *                  leading zeros are trimmed to fit if possible. For
+ *                  Montgomery keys, the output buffer must always be large
+ *                  enough for the nominal length.
 *
 * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
-                    representation is larger than the available space in \p buf.
+ * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL or
+ *                  #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the \p key
+ *                  representation is larger than the available space in \p buf.
 * \return          Another negative error code on different kinds of failure.
 */
 int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,