Asn1 encoding and mbedtls_asn1_get_mpi issue

Mbed TLS Bug Reports / Issues
1

Hi.
I’m developer using mbedtls.

I found asn1 encoding issue with mbedtls.

Here is an excerpt from ‘X690 8.3.2 Encoding of an integer rule’.

8.3.2 If the contents octets of an integer value encoding consist of more than one octet,
then the bits of the first octet and bit 8 of the second octet:
a) shall not all be ones; and
b) shall not all be zero.
NOTE – These rules ensure that an integer value is always encoded in the smallest possible number of octets.

x690 link

That is,
Integer encoding 02020001 is invalid, 020101 is valid. (which means 1)
Likewise Integer encoding 0202FFFF is invalid, 0201FF is valid (which means -1)

The ‘mbedtls_ecdsa_read_signature’ function allows the above invalid encoding.

I’ve attached simple test programs with a small variation of mbedtls/programs/pkey/ecdsa.c

ecdsa_test
ecdsa_test894×863 82.9 KB

The result of two verifying are both pass.

result
result894×863 61.3 KB

On the other hand, in the similar test with openssl, the second result is failed.

I’ve also attached my primitive patch for this issue.

asn1parse
asn1parse894×863 51.3 KB

Could you review this issue?

Thanks.
Jongho Lee.

2

Hi @Roku
Thank you for reporting this issue.
I have created an issue in our repository,Asn1 encoding and mbedtls_asn1_get_mpi issue · Issue #2099 · Mbed-TLS/mbedtls · GitHub, on your behalf to make it easier to track.
Would you be willing to contribute your fix to our repository after you have accepted our CLA? This way we will be able to review it better.
Regards,
Mbed TLS Team member
Ron

3

Thanks for reply.

It’s an honor to contribute to it.

Unfortunately, I don’t know what CLA is and how to accept it.

Please let me know how to accept CLA.

Regards,
Jongho Lee

4

Hi @Roku
CLA is a “Contributor’s License Agreement.”
If this is a personal contribution, the easiest way to do this is if you create an mbed account and accept this click through agreement. Alternatively, you can find a slightly different agreement to sign here, which can be signed and returned to us, and is applicable if you don’t want to create an Mbed account or alternatively if this is a corporate contribution.
Since you already have an Mbed acount, and I am assuming this is a personal contribution, the simplest way id for you to accept the click through agreement.
Regards,
Mbed TLS Team member
Ron