Add error checking to mbedtls_ecdsa_signature_to_asn1
Add a wrapper to check for errors during MBEDTLS_ASN1_CHK_ADD
Substitute backticks with apostrophes
diff --git a/include/mbedtls/pk_info.h b/include/mbedtls/pk_info.h
index 846502b..6ee47d8 100644
--- a/include/mbedtls/pk_info.h
+++ b/include/mbedtls/pk_info.h
@@ -71,7 +71,7 @@
* - Keep the mbedtls_pk_info_t structure hidden and declare a function
* to call instead of mbedtls_pk_setup. This function should have an
* interface of the form
- * `int mbedtls_pk_setup_myengine(mbedtls_pk_context *, ...)`
+ * 'int mbedtls_pk_setup_myengine(mbedtls_pk_context *, ...)'
* where the extra parameters depend on the engine, e.g. handles to keys
* stored in an external cryptographic module.
*
@@ -228,9 +228,9 @@
* type does not match the semantic type of \c prv (RSA, ECC or other),
* then check_pair_func must return #MBEDTLS_ERR_PK_TYPE_MISMATCH.
*
- * If \c pub and \c prv are opaque keys from the same engines (i.e. ``),
- * then check_pair_func must return 0, `#MBEDTLS_ERR_PK_TYPE_MISMATCH`, or
- * `#MBEDTLS_ERR_RSA_KEY_CHECK_FAILED` or `#MBEDTLS_ERR_ECP_BAD_INPUT_DATA`
+ * If \c pub and \c prv are opaque keys from the same engines (i.e. ''),
+ * then check_pair_func must return 0, #MBEDTLS_ERR_PK_TYPE_MISMATCH, or
+ * #MBEDTLS_ERR_RSA_KEY_CHECK_FAILED or #MBEDTLS_ERR_ECP_BAD_INPUT_DATA
* as in the case of transparent keys.
*
* If \c pub is an opaque key which is not from the same engine as \c prv,
diff --git a/library/ecdsa.c b/library/ecdsa.c
index afe9558..1a6357b 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -287,10 +287,13 @@
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
/*
- * Convert a signature (given by context) to ASN.1
+ * Convert a signature (given by context) to ASN.1.
+ * This function may leave a half-written upon encountering an error, and
+ * is for internal use only.
*/
-int mbedtls_ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
- unsigned char *sig, size_t *slen, size_t ssize )
+static int internal_ecdsa_signature_to_asn1( const mbedtls_mpi *r,
+ const mbedtls_mpi *s, unsigned char *sig,
+ size_t *slen, size_t ssize )
{
int ret;
unsigned char *p = sig + ssize;
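Review bot: The new comment on `internal_ecdsa_signature_to_asn1` is missing its noun ("may leave a half-written upon encountering an error"), so it does not say what is left in an undefined state. Since the function writes backwards from `sig + ssize`, I would name the buffer: `* This function may leave a half-written signature in sig upon encountering an error, and`. It would also help to state in the same comment that callers must use `mbedtls_ecdsa_signature_to_asn1`, which is the variant that clears the buffer on failure. The function body continues outside this hunk.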
@@ -311,6 +314,18 @@
}
/*
+ * Convert a signature (given by context) to ASN.1, zeroize the buffer on error
+ */
+int mbedtls_ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
+ unsigned char *sig, size_t *slen, size_t ssize )
+{
+ int ret = internal_ecdsa_signature_to_asn1( r, s, sig, slen, ssize );
+ if( ret != 0 )
+ memset( sig, ssize, 0 );
+ return( ret );
+}
+
+/*
* Compute and write signature. This function assumes that sig is large enough.
*/
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
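Review bot: The `memset( sig, ssize, 0 );` call in the new `mbedtls_ecdsa_signature_to_asn1` wrapper has its last two arguments transposed, so it writes zero bytes and the partially encoded signature stays in the caller's buffer on error. This defeats the purpose of the wrapper; the line should read `memset( sig, 0, ssize );`. GCC's `-Wmemset-transposed-args` flags this pattern. A regression test that passes an undersized `ssize` and checks that the whole buffer is zero after the error return would catch it. Whether `*slen` is left untouched on the error path cannot be seen from this hunk and is worth confirming and documenting.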