Add sanity checks for the mbedtls_pk_sign output size

mbedtls_pk_sign does not take the size of its output buffer as a parameter. We guarantee that MBEDTLS_PK_SIGNATURE_MAX_SIZE is enough. For RSA and ECDSA signatures made in software, this is ensured by the way MBEDTLS_PK_SIGNATURE_MAX_SIZE is defined at compile time. For signatures made through RSA-alt and PSA, this is not guaranteed robustly at compile time, but we can test it at runtime, so do that.
2019-11-05 17:31:36 +01:00 · 2019-11-05 17:31:36 +01:00 · f48d6f2320
commit f48d6f2320
parent b22a24b23f
1 changed files with 4 additions and 0 deletions
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@ -774,6 +774,8 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 #endif /* SIZE_MAX > UINT_MAX */

    *sig_len = rsa_alt->key_len_func( rsa_alt->key );
+    if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );

    return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
                md_alg, (unsigned int) hash_len, hash, sig ) );
@ -1017,6 +1019,8 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
        return( mbedtls_psa_err_translate_pk( status ) );
    buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) );
    psa_reset_key_attributes( &attributes );
+    if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );

    /* make the signature */
    status = psa_asymmetric_sign( *key, alg, hash, hash_len,