Detect unsigned integer overflow in mbedtls_ecp_check_budget()
This commit modifies a bounds check in `mbedtls_ecp_check_budget()` to
be correct even if the requested number of ECC operations would overflow
the operation counter.
diff --git a/library/ecp.c b/library/ecp.c
index b193ad4..de5725c 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -248,9 +248,16 @@
else if( grp->pbits >= 384 )
ops *= 2;
- /* avoid infinite loops: always allow first step */
- if( rs_ctx->ops_done != 0 && rs_ctx->ops_done + ops > ecp_max_ops )
+ /* Avoid infinite loops: always allow first step.
+ * Because of that, however, it's not generally true
+ * that ops_done <= ecp_max_ops, so the check
+ * ops_done > ecp_max_ops below is mandatory. */
+ if( ( rs_ctx->ops_done != 0 ) &&
+ ( rs_ctx->ops_done > ecp_max_ops ||
+ ops > ecp_max_ops - rs_ctx->ops_done ) )
+ {
return( MBEDTLS_ERR_ECP_IN_PROGRESS );
+ }
/* update running count */
rs_ctx->ops_done += ops;
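Review bot: The new comment calls the `rs_ctx->ops_done > ecp_max_ops` test mandatory but does not say what breaks without it, so a later reordering or simplification of the condition could quietly bring the wrap-around back. The subtraction `ecp_max_ops - rs_ctx->ops_done` is only safe because the preceding test short-circuits first, and I would say so directly, e.g. `* Keep ops_done > ecp_max_ops first: otherwise ecp_max_ops - ops_done wraps and the budget check passes. */`. Separately, the `ops *= 2` scaling above the check is still an unchecked multiplication, so a very large `ops` could presumably wrap before it reaches the comparison; whether any caller can pass such a value is not visible here. The body of mbedtls_ecp_check_budget() starts and ends outside the hunk.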