TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-03 11:06:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add missing FFDH public key buffer length check

Browse Source 
When exporting an FFDH public key we were not properly checking the
length of the output buffer and would write the full length of the key
in all cases. Fix this by checking the size of the output buffer before
we write to it.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit is contained in:
David Horstmann
2026-02-26 14:47:04 +00:00
parent 443300e700
commit 01bcc1f754
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
library/psa_crypto_ffdh.c
View File

@@ -168,6 +168,10 @@ psa_status_t mbedtls_psa_ffdh_export_public_key(
mbedtls_mpi_init(&X); mbedtls_mpi_init(&P);
size_t key_len = PSA_BITS_TO_BYTES(attributes->bits);
if (key_len > data_size) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto cleanup;
}
status = mbedtls_psa_ffdh_set_prime_generator(key_len, &P, &G);