feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #8350 from embhorn/zd19220

Browse Source 
Check r and s len before copying
This commit is contained in:
David Garske
2025-01-21 10:36:54 -08:00
committed by GitHub
parent a4c58614b9 9c4ef7cd30
commit 5df6989eab
2 changed files with 26 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
tests/api.c
View File

@@ -26492,6 +26492,9 @@ static int test_wc_ecc_rs_to_sig(void)
byte s[KEY24]; byte s[KEY24];
word32 rlen = (word32)sizeof(r); word32 rlen = (word32)sizeof(r);
word32 slen = (word32)sizeof(s); word32 slen = (word32)sizeof(s);
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
word32 zeroLen = 0;
#endif
/* Init stack variables. */ /* Init stack variables. */
XMEMSET(sig, 0, ECC_MAX_SIG_SIZE); XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
@@ -26517,6 +26520,12 @@ static int test_wc_ecc_rs_to_sig(void)
WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL), ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL),
WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &zeroLen, s, &slen),
WC_NO_ERR_TRACE(BUFFER_E));
ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &zeroLen),
WC_NO_ERR_TRACE(BUFFER_E));
#endif
#endif #endif
return EXPECT_RESULT(); return EXPECT_RESULT();
} /* END test_wc_ecc_rs_to_sig */ } /* END test_wc_ecc_rs_to_sig */

22
wolfcrypt/src/asn.c
View File

@@ -1300,7 +1300,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
WOLFSSL_MSG_VSNPRINTF("Buffer too small for data: %d %d", len, WOLFSSL_MSG_VSNPRINTF("Buffer too small for data: %d %d", len,
*data->data.buffer.length); *data->data.buffer.length);
#endif #endif
return ASN_PARSE_E; return BUFFER_E;
} }
/* Copy in data and record actual length seen. */ /* Copy in data and record actual length seen. */
XMEMCPY(data->data.buffer.data, input + idx, (size_t)len); XMEMCPY(data->data.buffer.data, input + idx, (size_t)len);
@@ -33786,8 +33786,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
ret = GetASNInt(sig, &idx, &len, sigLen); ret = GetASNInt(sig, &idx, &len, sigLen);
if (ret != 0) if (ret != 0)
return ret; return ret;
if (rLen) if (rLen) {
*rLen = (word32)len; if (*rLen >= (word32)len)
*rLen = (word32)len;
else {
/* Buffer too small to hold r value */
return BUFFER_E;
}
}
if (r) if (r)
XMEMCPY(r, (byte*)sig + idx, (size_t)len); XMEMCPY(r, (byte*)sig + idx, (size_t)len);
idx += (word32)len; idx += (word32)len;
@@ -33795,8 +33801,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
ret = GetASNInt(sig, &idx, &len, sigLen); ret = GetASNInt(sig, &idx, &len, sigLen);
if (ret != 0) if (ret != 0)
return ret; return ret;
if (sLen) if (sLen) {
*sLen = (word32)len; if (*sLen >= (word32)len)
*sLen = (word32)len;
else {
/* Buffer too small to hold s value */
return BUFFER_E;
}
}
if (s) if (s)
XMEMCPY(s, (byte*)sig + idx, (size_t)len); XMEMCPY(s, (byte*)sig + idx, (size_t)len);