From 6d429216339adf27c6404b78d67c4b674c75319e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 17 Oct 2023 10:01:33 +0200 Subject: [PATCH 1/2] Require at least on curve for ECP_LIGHT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ECP_LIGHT is not usable without any curve, just the same as ECP_C. We forgot to update this check when introducing the ECP_LIGHT subset. Note: the message doesn't mention ECP_LIGHT as that's not a public config knob, hence the message with "ECP_C or a subset" (that's how it's referred to in user-facing documentation such as docs/driver-only-builds.md). Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e18e9a5fc..cdc2be171 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -231,7 +231,7 @@ #error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites" #endif -#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \ +#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \ !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ @@ -245,7 +245,7 @@ !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \ !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) ) -#error "MBEDTLS_ECP_C defined, but not all prerequisites" +#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites" #endif #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) From 745ec5d75ebdebdc7f2c913d2e45d7d2e918e06e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 17 Oct 2023 10:13:45 +0200 Subject: [PATCH 2/2] Fix static initializer warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In a hypothetical build with no curves, or in the future when we add a new curve type and possibly forget updating this function with a new block for the new type, we write to `ret` at the beginning or the function then immediately overwrite it with MPI_CHK(check_privkey), which static analyzers understandably find questionable. Use `ret` here and check the key only if it was actually set. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ecp.c b/library/ecp.c index 5f2a7b0c0..dfa095782 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3288,7 +3288,10 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen)); } #endif - MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); + + if (ret == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); + } cleanup: