search

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/
Other
5.51k stars 2.6k forks source link

mbedtls_ecdh_context fields are not initialized with the proper xxx_init function #1962

Open gilles-peskine-arm opened 6 years ago

gilles-peskine-arm commented 6 years ago

This is a minor bug, which can only hit alternative implementations that do something weird.

mbedtls_ecdh_init initializes an mbedtls_ecdh_context to all-bits-zero. mbedtls_ecdh_free calls mbedtls_ecp_group_free, mbedtls_ecp_point_free and mbedtls_mpi_free as applicable on each field. This is not guaranteed to work.

mbedtls_mpi_free is safe if its argument is all-bits-zero. It interprets a field as a pointer, but does nothing if the pointer is null, and we require the platform to interpret all-bits-zero as a null pointer (checked in selftest.c).

Our implementation of mbedtls_ecp_group_free and mbedtls_ecp_point_free is safe if its argument is all-bits-zero. More generally, our code using mbedtls_ecp_group and mbedtls_ecp_point treats a data structure initialized as all-bits-zero identically to a data structure initialized with the corresponding xxx_init function. However this may not be the case for alternative implementations.

We should initialize those fields properly by calling _init.

The fields Vi, Vf and _d are not used at all, so we could refrain from calling xxx_free instead for those fields.

I haven't checked whether other library modules do something similar.

ciarmcom commented 6 years ago

ARM Internal Ref: IOTSSL-2480