From 139504b9fd72da18d428fafc5f9f35a473537507 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Fri, 10 Jan 2025 08:46:40 -0600
Subject: [PATCH 1/4] Check r and s len before copying
---
 wolfcrypt/src/asn.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 6335df305..eb57bdc69 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -33779,8 +33779,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
 ret = GetASNInt(sig, &idx, &len, sigLen);
 if (ret != 0)
 return ret;
- if (rLen)
- *rLen = (word32)len;
+ if (rLen) {
+ if (*rLen >= (word32)len)
+ *rLen = (word32)len;
+ else {
+ /* Buffer too small to hold r value */
+ return BUFFER_E;
+ }
+ }
 if (r)
 XMEMCPY(r, (byte*)sig + idx, (size_t)len);
 idx += (word32)len;
@@ -33788,8 +33794,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
 ret = GetASNInt(sig, &idx, &len, sigLen);
 if (ret != 0)
 return ret;
- if (sLen)
- *sLen = (word32)len;
+ if (sLen) {
+ if (*sLen >= (word32)len)
+ *sLen = (word32)len;
+ else {
+ /* Buffer too small to hold r value */
+ return BUFFER_E;
+ }
+ }
 if (s)
 XMEMCPY(s, (byte*)sig + idx, (size_t)len);
From 53831d0f32273294925c82b6977d250409a9acc1 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Fri, 10 Jan 2025 10:06:14 -0600
Subject: [PATCH 2/4] Add test
---
 tests/api.c | 6 ++++++
 wolfcrypt/src/asn.c | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 0ad5c086c..55dd895c1 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -26492,6 +26492,7 @@ static int test_wc_ecc_rs_to_sig(void)
 byte s[KEY24];
 word32 rlen = (word32)sizeof(r);
 word32 slen = (word32)sizeof(s);
+ word32 zeroLen = 0;
 /* Init stack variables. */
 XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
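Review bot: In the first asn.c hunk (`@@ -33779`), the new capacity check in DecodeECC_DSA_Sig_Bin runs only when `rLen` is non-NULL, while the `XMEMCPY` into `r` just below depends only on `r`; a caller that passes `r` with a NULL `rLen` still gets `len` bytes, a length read from the signature, copied with no bound. Tying the two together closes that path, for example `if (r != NULL && rLen == NULL) return BAD_FUNC_ARG;` ahead of the check. The `s`/`sLen` pair in the second hunk (`@@ -33788`) has the same shape. The test context later in this series shows wc_ecc_sig_to_rs rejecting a NULL length with ECC_BAD_ARG_E, so that entry point is presumably covered, but other callers of the decoder are not visible here; the function body starts and ends outside both hunks.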
@@ -26517,6 +26518,11 @@ static int test_wc_ecc_rs_to_sig(void)
 WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL),
 WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+ ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &zeroLen, s, &slen),
+ WC_NO_ERR_TRACE(ASN_PARSE_E));
+ ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &zeroLen),
+ WC_NO_ERR_TRACE(ASN_PARSE_E));
+
 #endif
 return EXPECT_RESULT();
 } /* END test_wc_ecc_rs_to_sig */
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index eb57bdc69..2f8b6b911 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -33784,7 +33784,7 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
 *rLen = (word32)len;
 else {
 /* Buffer too small to hold r value */
- return BUFFER_E;
+ return ASN_PARSE_E;
 }
 }
 if (r)
@@ -33799,7 +33799,7 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
 *sLen = (word32)len;
 else {
 /* Buffer too small to hold r value */
- return BUFFER_E;
+ return ASN_PARSE_E;
 }
 }
 if (s)
From 462aa5bec640352807cc0e8471a7fa0a6c060bd3 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Fri, 10 Jan 2025 16:47:13 -0600
Subject: [PATCH 3/4] Exclude new test for FIPS
---
 tests/api.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tests/api.c b/tests/api.c
index 55dd895c1..05ad9486f 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -26492,7 +26492,9 @@ static int test_wc_ecc_rs_to_sig(void)
 byte s[KEY24];
 word32 rlen = (word32)sizeof(r);
 word32 slen = (word32)sizeof(s);
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
 word32 zeroLen = 0;
+#endif
 /* Init stack variables. */
 XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
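Review bot: Both expectations added to test_wc_ecc_rs_to_sig (`@@ -26517`) pass a capacity of 0, which would still pass if the decoder's `>=` comparison were off by one. A pair of cases at the boundary would pin it: after a successful decode leaves the true length in `rlen`, retry with `word32 shortLen = rlen - 1;` and expect the same error, then with exactly `rlen` and expect success. Whether a successful decode precedes these lines cannot be told from the hunk, since the test body starts above it.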
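Review bot: The `#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)` guard added around `zeroLen` in test_wc_ecc_rs_to_sig (`@@ -26492,7`), and again around the two expectations in the next tests/api.c hunk (`@@ -26518,11`), has no comment saying why those builds are excluded. If the reason is that the FIPS and selftest modules take a decode path without the new length check, that deserves stating, since it would mean those builds keep the unchecked copy; something like `/* FIPS/selftest decode path does not return BUFFER_E for short r/s buffers */` once confirmed.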
@@ -26518,11 +26520,12 @@ static int test_wc_ecc_rs_to_sig(void)
 WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL),
 WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
 ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &zeroLen, s, &slen),
 WC_NO_ERR_TRACE(ASN_PARSE_E));
 ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &zeroLen),
 WC_NO_ERR_TRACE(ASN_PARSE_E));
-
+#endif
 #endif
 return EXPECT_RESULT();
 } /* END test_wc_ecc_rs_to_sig */
From 9c4ef7cd30a4a2ce47045df2680f93f958875eb4 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Mon, 20 Jan 2025 08:40:36 -0600
Subject: [PATCH 4/4] Use BUFFER_E instead of ASN_PARSE_E when buffer is too small
---
 tests/api.c | 4 ++--
 wolfcrypt/src/asn.c | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 05ad9486f..f29417c39 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -26522,9 +26522,9 @@ static int test_wc_ecc_rs_to_sig(void)
 WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
 ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &zeroLen, s, &slen),
- WC_NO_ERR_TRACE(ASN_PARSE_E));
+ WC_NO_ERR_TRACE(BUFFER_E));
 ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &zeroLen),
- WC_NO_ERR_TRACE(ASN_PARSE_E));
+ WC_NO_ERR_TRACE(BUFFER_E));
 #endif
 #endif
 return EXPECT_RESULT();
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 2f8b6b911..63fb174ff 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1300,7 +1300,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
 WOLFSSL_MSG_VSNPRINTF("Buffer too small for data: %d %d", len, *data->data.buffer.length);
 #endif
- return ASN_PARSE_E;
+ return BUFFER_E;
 }
 /* Copy in data and record actual length seen. */
 XMEMCPY(data->data.buffer.data, input + idx, (size_t)len);
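Review bot: The `return BUFFER_E;` in GetASN_StoreData (`@@ -1300`) changes the error for every caller of this store routine, not only ECDSA signature decoding; its parameters are the generic `ASNItem`/`ASNGetData` pair, so it is presumably shared across the template decoders. Any caller that compares the result against `ASN_PARSE_E` to detect this condition would stop matching; those callers are outside the hunk and worth a search before merging. A one-line comment at the return, such as `/* Caller's buffer is too small; not a parse failure. */`, and a changelog entry would record the behaviour change. The function body starts and ends outside the hunk.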
@@ -33784,7 +33784,7 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
 *rLen = (word32)len;
 else {
 /* Buffer too small to hold r value */
- return ASN_PARSE_E;
+ return BUFFER_E;
 }
 }
 if (r)
@@ -33798,8 +33798,8 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
 if (*sLen >= (word32)len)
 *sLen = (word32)len;
 else {
- /* Buffer too small to hold r value */
- return ASN_PARSE_E;
+ /* Buffer too small to hold s value */
+ return BUFFER_E;
 }
 }
 if (s)
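Review bot: With the checks shown in these two DecodeECC_DSA_Sig_Bin hunks (`@@ -33784` and `@@ -33798`), `*rLen` and `*sLen` are read as buffer capacities before they are written, where the lines removed by the first patch show them as write-only outputs; nothing visible documents that change of contract. A caller that leaves them uninitialised now gets either a spurious `BUFFER_E` or a check against a garbage capacity. The function header is outside the hunks; it should state the new contract, e.g. `@param [in, out] rLen  On in, size of r in bytes; on out, length of the r value.` plus `@return BUFFER_E when r or s does not fit.`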