feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

catch invalid test case of RSA-OAEP and fix cast

Browse Source
This commit is contained in:
Jacob Barthelmeh
2016-03-16 14:51:25 -06:00
parent 47491e6c22
commit 4c3ddac23c
2 changed files with 31 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
wolfcrypt/src/rsa.c
View File

@ -421,8 +421,16 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
return ret; return ret;
} }
/* handles check of location for idx as well as psLen */ /* handles check of location for idx as well as psLen, cast to int to check
if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) { for pkcsBlockLen(k) - 2 * hLen - 2 being negative
This check is similar to decryption where k > 2 * hLen + 2 as msg
size aproaches 0. In decryption if k is less than or equal -- then there
is no possible room for msg.
k = RSA key size
hLen = hash digest size
*/
if ((int)inputLen > ((int)pkcsBlockLen - 2 * hLen - 2)) {
WOLFSSL_MSG("OAEP pad error, message too long or hash to big for RSA key size");
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);

36
wolfcrypt/test/test.c
View File

@ -4146,24 +4146,30 @@ int rsa_test(void)
#endif /* NO_SHA256 */ #endif /* NO_SHA256 */
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
XMEMSET(plain, 0, sizeof(plain)); /* Check valid RSA key size is used while using hash length of SHA512
ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, If key size is less than (hash length * 2) + 2 then is invalid use
and test, since OAEP padding requires this.
BAD_FUNC_ARG is returned when this case is not met */
if (wc_RsaEncryptSize(&key) > ((int)SHA512_DIGEST_SIZE * 2) + 2) {
XMEMSET(plain, 0, sizeof(plain));
ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
if (ret < 0) { if (ret < 0) {
free(tmp); free(tmp);
return -343; return -343;
} }
ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
if (ret < 0) { if (ret < 0) {
free(tmp); free(tmp);
return -344; return -344;
}
if (XMEMCMP(plain, in, inLen)) {
free(tmp);
return -345;
}
} }
if (XMEMCMP(plain, in, inLen)) { #endif /* WOLFSSL_SHA512 */
free(tmp);
return -345;
}
#endif /* NO_SHA */
/* check using pkcsv15 padding with _ex API */ /* check using pkcsv15 padding with _ex API */
XMEMSET(plain, 0, sizeof(plain)); XMEMSET(plain, 0, sizeof(plain));