Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check
TLS 1.3: Add missing overread check
diff --git a/ChangeLog.d/bignum-0-mod-2.txt b/ChangeLog.d/bignum-0-mod-2.txt
new file mode 100644
index 0000000..4a1ab16
--- /dev/null
+++ b/ChangeLog.d/bignum-0-mod-2.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix a null pointer dereference when performing some operations on zero
+ represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
+ by 2, and mbedtls_mpi_write_string() in base 2).
diff --git a/library/bignum.c b/library/bignum.c
index 11acc01..8717c8a 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1785,7 +1785,7 @@
/*
* handle trivial cases
*/
- if( b == 1 )
+ if( b == 1 || A->n == 0 )
{
*r = 0;
return( 0 );
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 02a11c8..056310a 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -67,12 +67,18 @@
Test mpi_read_write_string #9 (Empty MPI hex -> dec)
mpi_read_write_string:16:"":10:"0":4:0:0
+Test mpi_read_write_string #9 (Empty MPI hex -> base 2)
+mpi_read_write_string:16:"":2:"0":4:0:0
+
Test mpi_read_write_string #8 (Empty MPI dec -> hex)
mpi_read_write_string:10:"":16:"":4:0:0
Test mpi_read_write_string #9 (Empty MPI dec -> dec)
mpi_read_write_string:10:"":10:"0":4:0:0
+Test mpi_read_write_string #9 (Empty MPI dec -> base 2)
+mpi_read_write_string:16:"":2:"0":4:0:0
+
Test mpi_write_string #10 (Negative hex with odd number of digits)
mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
@@ -1216,9 +1222,15 @@
Test mbedtls_mpi_mod_int: 0 (null) % 1
mbedtls_mpi_mod_int:16:"":1:0:0
+Test mbedtls_mpi_mod_int: 0 (null) % 2
+mbedtls_mpi_mod_int:16:"":2:0:0
+
Test mbedtls_mpi_mod_int: 0 (null) % -1
mbedtls_mpi_mod_int:16:"":-1:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+Test mbedtls_mpi_mod_int: 0 (null) % -2
+mbedtls_mpi_mod_int:16:"":-2:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+
Base test mbedtls_mpi_exp_mod #1
mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"24":0