Guard against PSA generating invalid signature

The goal is not to double-check everything PSA does, but to ensure that it anything goes wrong, we fail cleanly rather than by overwriting a buffer.
2018-11-16 10:54:54 +01:00 · 2018-11-16 10:54:54 +01:00 · 59eecb0e9e
commit 59eecb0e9e
parent 9a5a77ba7c
1 changed files with 7 additions and 2 deletions
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@ -784,13 +784,18 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
    memmove( *p, start, len );

    /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
-     * Neither r nor s can be 0, so we can assume len > 0 at all times. */
-    while( **p == 0x00 )
+     * Neither r nor s should be 0, but as a failsafe measure, still detect
+     * that rather than overflowing the buffer in case of a PSA error. */
+    while( len > 0 && **p == 0x00 )
    {
        ++(*p);
        --len;
    }

+    /* this is only reached if the signature was invalid */
+    if( len == 0 )
+        return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
    /* if the msb is 1, ASN.1 requires that we prepend a 0.
     * Neither r nor s can be 0, so we can assume len > 0 at all times. */
    if( **p & 0x80 )