Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport 2.28: Fix undefined behavior in bignum: NULL+0 and -most-negative-sint #6618

Merged
merged 4 commits into from
Nov 21, 2022
Merged

Backport 2.28: Fix undefined behavior in bignum: NULL+0 and -most-negative-sint #6618

merged 4 commits into from
Nov 21, 2022

Conversation

gilles-peskine-arm
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm commented Nov 17, 2022
edited
Loading

Fix two kinds of typically harmless undefined behavior in bignum. Trivial backport of #6609.

Gatekeeper checklist

@gilles-peskine-arm
Document mbedtls_mpi_uint and mbedtls_mpi_sint
cab02f6 
Since they're part of the public API (even if only through a few functions),
they should be documented.

I deliberately skipped documenting how to configure the size of the type.
Right now, MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 have no Doxygen
documentation, so it's ambiguous whether they're part of the public API.
Resolving this ambiguity is out of scope of my current work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
Fix NULL+0 in addition 0 + 0
103cf59 
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
Fix undefined behavior with the most negative mbedtls_mpi_sint
de1629a 
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
Express abs(z) in a way that satisfies GCC and MSVC
ae7cbd7 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm added bug needs-review Every commit must be reviewed by at least two team members, component-crypto Crypto primitives and low-level interfaces needs-ci Needs to pass CI tests needs-reviewer This PR needs someone to pick it up for review size-s Estimated task size: small (~2d) priority-medium Medium priority - this can be reviewed as time permits labels Nov 17, 2022
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Nov 17, 2022
Merged
3 tasks
tom-cosgrove-arm
tom-cosgrove-arm reviewed Nov 17, 2022
View reviewed changes
include/mbedtls/bignum.h
/** \typedef mbedtls_mpi_sint
* \brief The signed type corresponding to #mbedtls_mpi_uint.
*
* This is always an signed integer type with no padding bits. The size
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Grr, missed this in the original. Up to you whether you fix :)

Suggested change
* This is always an signed integer type with no padding bits. The size
* This is always a signed integer type with no padding bits. The size

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This hinders neither comprehension nor grepping so I'd prefer to merge if the CI is happy.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I gave an approval anyway...

tom-cosgrove-arm
tom-cosgrove-arm approved these changes Nov 17, 2022
View reviewed changes
Copy link
Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Faithful backport

@gilles-peskine-arm gilles-peskine-arm added single-reviewer This PR qualifies for having only one reviewer and removed needs-ci Needs to pass CI tests needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Nov 21, 2022
@gilles-peskine-arm
Copy link
Contributor Author

Marking single-reviewer since this is a trivial backport.

@gilles-peskine-arm gilles-peskine-arm added the approved Design and code approved - may be waiting for CI or backports label Nov 21, 2022
@gilles-peskine-arm gilles-peskine-arm merged commit b358e46 into Mbed-TLS:mbedtls-2.28 Nov 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tom-cosgrove-arm tom-cosgrove-arm tom-cosgrove-arm approved these changes

Assignees
No one assigned
Labels
approved Design and code approved - may be waiting for CI or backports bug component-crypto Crypto primitives and low-level interfaces priority-medium Medium priority - this can be reviewed as time permits single-reviewer This PR qualifies for having only one reviewer size-s Estimated task size: small (~2d)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gilles-peskine-arm @tom-cosgrove-arm