Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0

Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00 · 2022-11-25 17:07:46 +00:00 · bf9b23abf8
commit bf9b23abf8
parent 6e85673e8d 7d23778178
23 changed files with 127 additions and 85 deletions
--- a/library/aria.c
+++ b/library/aria.c
@ -37,11 +37,6 @@

 #include "mbedtls/platform_util.h"

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
 /* Parameter validation macros */
 #define ARIA_VALIDATE_RET( cond )                                       \
    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
--- a/library/chacha20.c
+++ b/library/chacha20.c
@ -36,11 +36,6 @@

 #if !defined(MBEDTLS_CHACHA20_ALT)

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
 #define ROTL32( value, amount ) \
    ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )

--- a/library/common.h
+++ b/library/common.h
@ -25,6 +25,7 @@

 #include "mbedtls/build_info.h"

+#include <stddef.h>
 #include <stdint.h>

 /** Helper to define a function as static except when building invasive tests.
@ -68,6 +69,44 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
 */
 #define MBEDTLS_ALLOW_PRIVATE_ACCESS

+/** Return an offset into a buffer.
+ *
+ * This is just the addition of an offset to a pointer, except that this
+ * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
+ * A null pointer is a valid buffer pointer when the size is 0, for example
+ * as the result of `malloc(0)` on some platforms.)
+ *
+ * \param p     Pointer to a buffer of at least n bytes.
+ *              This may be \p NULL if \p n is zero.
+ * \param n     An offset in bytes.
+ * \return      Pointer to offset \p n in the buffer \p p.
+ *              Note that this is only a valid pointer if the size of the
+ *              buffer is at least \p n + 1.
+ */
+static inline unsigned char *mbedtls_buffer_offset(
+    unsigned char *p, size_t n )
+{
+    return( p == NULL ? NULL : p + n );
+}
+
+/** Return an offset into a read-only buffer.
+ *
+ * Similar to mbedtls_buffer_offset(), but for const pointers.
+ *
+ * \param p     Pointer to a buffer of at least n bytes.
+ *              This may be \p NULL if \p n is zero.
+ * \param n     An offset in bytes.
+ * \return      Pointer to offset \p n in the buffer \p p.
+ *              Note that this is only a valid pointer if the size of the
+ *              buffer is at least \p n + 1.
+ */
+static inline const unsigned char *mbedtls_buffer_offset_const(
+    const unsigned char *p, size_t n )
+{
+    return( p == NULL ? NULL : p + n );
+}
+
 /** Byte Reading Macros
 *
 * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
--- a/library/debug.c
+++ b/library/debug.c
@ -30,11 +30,6 @@
 #include <stdio.h>
 #include <string.h>

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
 #define DEBUG_BUF_SIZE      512

 static int debug_threshold = 0;
--- a/library/ecp.c
+++ b/library/ecp.c
@ -88,11 +88,6 @@

 #include "ecp_internal_alt.h"

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
 #if defined(MBEDTLS_SELF_TEST)
 /*
 * Counts of point addition and doubling, and field multiplications.
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@ -39,11 +39,6 @@
 #define ECP_VALIDATE( cond )        \
    MBEDTLS_INTERNAL_VALIDATE( cond )

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
 #define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}

 #define ECP_MPI_INIT_ARRAY(x)   \
--- a/library/mps_reader.c
+++ b/library/mps_reader.c
@ -29,11 +29,6 @@

 #include <string.h>

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
 #if defined(MBEDTLS_MPS_ENABLE_TRACE)
 static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER;
 #endif /* MBEDTLS_MPS_ENABLE_TRACE */
--- a/library/poly1305.c
+++ b/library/poly1305.c
@ -32,11 +32,6 @@

 #if !defined(MBEDTLS_POLY1305_ALT)

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
 #define POLY1305_BLOCK_SIZE_BYTES ( 16U )

 /*
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -3454,8 +3454,8 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
    status = psa_driver_wrapper_cipher_encrypt(
        &attributes, slot->key.data, slot->key.bytes,
        alg, local_iv, default_iv_length, input, input_length,
-        output + default_iv_length, output_size - default_iv_length,
-        output_length );
+        mbedtls_buffer_offset( output, default_iv_length ),
+        output_size - default_iv_length, output_length );

 exit:
    unlock_status = psa_unlock_key_slot( slot );
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@ -516,10 +516,10 @@ psa_status_t mbedtls_psa_cipher_encrypt(
    if( status != PSA_SUCCESS )
        goto exit;

-    status = mbedtls_psa_cipher_finish( &operation,
-                                        output + update_output_length,
-                                        output_size - update_output_length,
-                                        &finish_output_length );
+    status = mbedtls_psa_cipher_finish(
+        &operation,
+        mbedtls_buffer_offset( output, update_output_length ),
+        output_size - update_output_length, &finish_output_length );
    if( status != PSA_SUCCESS )
        goto exit;

@ -563,17 +563,20 @@ psa_status_t mbedtls_psa_cipher_decrypt(
            goto exit;
    }

-    status = mbedtls_psa_cipher_update( &operation, input + operation.iv_length,
-                                        input_length - operation.iv_length,
-                                        output, output_size, &olength );
+    status = mbedtls_psa_cipher_update(
+        &operation,
+        mbedtls_buffer_offset_const( input, operation.iv_length ),
+        input_length - operation.iv_length,
+        output, output_size, &olength );
    if( status != PSA_SUCCESS )
        goto exit;

    accumulated_length = olength;

-    status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length,
-                                        output_size - accumulated_length,
-                                        &olength );
+    status = mbedtls_psa_cipher_finish(
+        &operation,
+        mbedtls_buffer_offset( output, accumulated_length ),
+        output_size - accumulated_length, &olength );
    if( status != PSA_SUCCESS )
        goto exit;

--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -57,11 +57,6 @@

 #include "common.h"

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
 /* Shorthand for restartable ECC */
 #if defined(MBEDTLS_ECP_RESTARTABLE) && \
    defined(MBEDTLS_SSL_CLI_C) && \