TBB: replace assert() with runtime checks in PolarSSL module

Using assert() to check the length of keys and hashes included in
a certificate is not a safe approach because assert() only applies
to debug builds. A malformed certificate could exploit security
flaws in release binaries due to buffer overflows.

This patch replaces assert() with runtime checkings in the PolarSSL
authentication module, so malformed certificates can not cause a
memory overflow.

Change-Id: I42ba912020595752c806cbd242fe3c74077d993b

diff --git a/common/auth/polarssl/polarssl.c b/common/auth/polarssl/polarssl.c
index 82c8b33168abffac960690f11e43a4e40aeb4a7a..b55a7fc6c7a5467036f36e2b3ad01a2e9bda3e54 100644 (file)
--- a/common/auth/polarssl/polarssl.c
+++ b/common/auth/polarssl/polarssl.c
@@ -32,7 +32,6 @@
 
 #include <stddef.h>
 
-#include <assert.h>
 #include <auth.h>
 #include <debug.h>
 #include <platform.h>
@@ -267,7 +266,11 @@ static int check_bl2_cert(unsigned char *buf, size_t len)
                goto error;
        }
 
-       assert(sz == SHA256_DER_BYTES);
+       if (sz != SHA256_DER_BYTES) {
+               ERROR("Wrong BL2 hash size: %lu\n", sz);
+               err = 1;
+               goto error;
+       }
        memcpy(sha_bl2, p, SHA256_DER_BYTES);
 
 error:
@@ -324,7 +327,11 @@ static int check_trusted_key_cert(unsigned char *buf, size_t len)
                goto error;
        }
 
-       assert(tz_world_pk_len <= RSA_PUB_DER_MAX_BYTES);
+       if (tz_world_pk_len > RSA_PUB_DER_MAX_BYTES) {
+               ERROR("Wrong RSA key size: %lu\n", tz_world_pk_len);
+               err = 1;
+               goto error;
+       }
        memcpy(tz_world_pk, p, tz_world_pk_len);
 
        /* Extract Non-Trusted World key from extensions */
@@ -335,7 +342,11 @@ static int check_trusted_key_cert(unsigned char *buf, size_t len)
                goto error;
        }
 
-       assert(tz_world_pk_len <= RSA_PUB_DER_MAX_BYTES);
+       if (ntz_world_pk_len > RSA_PUB_DER_MAX_BYTES) {
+               ERROR("Wrong RSA key size: %lu\n", ntz_world_pk_len);
+               err = 1;
+               goto error;
+       }
        memcpy(ntz_world_pk, p, ntz_world_pk_len);
 
 error:
@@ -392,7 +403,11 @@ static int check_bl3x_key_cert(const unsigned char *buf, size_t len,
                goto error;
        }
 
-       assert(sz <= RSA_PUB_DER_MAX_BYTES);
+       if (sz > RSA_PUB_DER_MAX_BYTES) {
+               ERROR("Wrong RSA key size: %lu\n", sz);
+               err = 1;
+               goto error;
+       }
        memcpy(s_key, p, sz);
        *s_key_len = sz;
 
@@ -446,7 +461,11 @@ static int check_bl3x_cert(unsigned char *buf, size_t len,
                goto error;
        }
 
-       assert(sz == SHA256_DER_BYTES);
+       if (sz != SHA256_DER_BYTES) {
+               ERROR("Wrong image hash length: %lu\n", sz);
+               err = 1;
+               goto error;
+       }
        memcpy(sha, p, SHA256_DER_BYTES);
 
 error: