From 550fbcfff7bc5e7f1397b9ea9eccd5063cafd18b Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 31 Oct 2019 10:07:47 -0600 Subject: [PATCH 1/3] add null checks (QSH and CRYPTOCELL) --- src/internal.c | 6 ++++-- wolfcrypt/src/ecc.c | 20 ++++++++++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/src/internal.c b/src/internal.c index 5d5115c74..8c25660e3 100644 --- a/src/internal.c +++ b/src/internal.c @@ -20726,7 +20726,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) int offset = 0; word32 tmpSz = 0; buffer* buf; - QSHKey* current = ssl->peerQSHKey; + QSHKey* current; QSHScheme* schmPre = NULL; QSHScheme* schm = NULL; @@ -20735,6 +20735,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) WOLFSSL_MSG("Generating QSH secret key material"); + current = ssl->peerQSHKey; /* get size of buffer needed */ while (current) { if (current->pub.length != 0) { @@ -20816,11 +20817,12 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) static word32 QSH_KeyGetSize(WOLFSSL* ssl) { word32 sz = 0; - QSHKey* current = ssl->peerQSHKey; + QSHKey* current; if (ssl == NULL) return -1; + current = ssl->peerQSHKey; sz += OPAQUE16_LEN; /* type of extension ie 0x00 0x18 */ sz += OPAQUE24_LEN; /* get size of buffer needed */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 7b6630508..509f8bbea 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4037,12 +4037,20 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) CRYS_ECPKI_KG_TempData_t tempBuff; CRYS_ECPKI_KG_FipsContext_t fipsCtx; byte ucompressed_key[ECC_MAX_CRYPTO_HW_SIZE*2 + 1]; - word32 raw_size = (word32) (key->dp->size)*2 + 1; + word32 raw_size; #endif if (key == NULL || rng == NULL) { return BAD_FUNC_ARG; } +#if defined(WOLFSSL_CRYPTOCELL) + if (key->dp == NULL) { + WOLFSSL_MSG("ECC internal dp structure was NULL"); + return BAD_FUNC_ARG; + } + + raw_size = (word32) (key->dp->size)*2 + 1; +#endif /* make sure required variables are reset */ wc_ecc_reset(key); @@ -7232,13 +7240,21 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, const CRYS_ECPKI_Domain_t* pDomain; CRYS_ECPKI_BUILD_TempData_t tempBuff; byte key_raw[ECC_MAX_CRYPTO_HW_SIZE*2 + 1]; - word32 keySz = key->dp->size; + word32 keySz; #endif /* if d is NULL, only import as public key using Qx,Qy */ if (key == NULL || qx == NULL || qy == NULL) { return BAD_FUNC_ARG; } +#if defined(WOLFSSL_CRYPTOCELL) + if (key->dp == NULL) { + WOLFSSL_MSG("ECC internal dp structure was NULL"); + return BAD_FUNC_ARG; + } + + keySz = (word32) (key->dp->size)*2 + 1; +#endif /* make sure required variables are reset */ wc_ecc_reset(key); From 1361e4dbef28734fe05803550b0dd7557d78bc64 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 4 Nov 2019 23:25:47 -0700 Subject: [PATCH 2/3] remove extra setting of ecc key size with CRYPTOCELL build --- wolfcrypt/src/ecc.c | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 509f8bbea..e91bdd8a7 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4037,20 +4037,12 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) CRYS_ECPKI_KG_TempData_t tempBuff; CRYS_ECPKI_KG_FipsContext_t fipsCtx; byte ucompressed_key[ECC_MAX_CRYPTO_HW_SIZE*2 + 1]; - word32 raw_size; + word32 raw_size = 0; #endif if (key == NULL || rng == NULL) { return BAD_FUNC_ARG; } -#if defined(WOLFSSL_CRYPTOCELL) - if (key->dp == NULL) { - WOLFSSL_MSG("ECC internal dp structure was NULL"); - return BAD_FUNC_ARG; - } - - raw_size = (word32) (key->dp->size)*2 + 1; -#endif /* make sure required variables are reset */ wc_ecc_reset(key); @@ -7240,21 +7232,13 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, const CRYS_ECPKI_Domain_t* pDomain; CRYS_ECPKI_BUILD_TempData_t tempBuff; byte key_raw[ECC_MAX_CRYPTO_HW_SIZE*2 + 1]; - word32 keySz; + word32 keySz = 0; #endif /* if d is NULL, only import as public key using Qx,Qy */ if (key == NULL || qx == NULL || qy == NULL) { return BAD_FUNC_ARG; } -#if defined(WOLFSSL_CRYPTOCELL) - if (key->dp == NULL) { - WOLFSSL_MSG("ECC internal dp structure was NULL"); - return BAD_FUNC_ARG; - } - - keySz = (word32) (key->dp->size)*2 + 1; -#endif /* make sure required variables are reset */ wc_ecc_reset(key); From a6e4926d2f7a8e547f66e5e76dfc30aa249c8738 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Tue, 5 Nov 2019 15:14:47 -0800 Subject: [PATCH 3/3] Init variables --- wolfcrypt/src/ecc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index e91bdd8a7..8321837cf 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4110,6 +4110,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) #elif defined(WOLFSSL_CRYPTOCELL) pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id)); + raw_size = (word32)(key->dp->size)*2 + 1; /* generate first key pair */ err = CRYS_ECPKI_GenKeyPair(&wc_rndState, @@ -7299,7 +7300,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, #elif defined(WOLFSSL_CRYPTOCELL) if (err == MP_OKAY) { key_raw[0] = ECC_POINT_UNCOMP; - keySz = key->dp->size; + keySz = (word32)key->dp->size; err = wc_export_int(key->pubkey.x, &key_raw[1], &keySz, keySz, WC_TYPE_UNSIGNED_BIN); if (err == MP_OKAY)