feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for possible malformed encrypted key with DES3 causing negative length. If length is less than DES_BLOCK_SIZE then it could result in a negative der->length. ZD 11057

Browse Source
This commit is contained in:
David Garske
2020-10-08 13:07:07 -07:00
parent 4f6c1db9a2
commit d33d100526
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wolfcrypt/src/asn.c
View File

@ -10672,7 +10672,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
#ifndef NO_DES3 #ifndef NO_DES3
if (info->cipherType == WC_CIPHER_DES3) { if (info->cipherType == WC_CIPHER_DES3) {
/* Assuming there is padding: /* Assuming there is padding:
* (der->length > 0 && * (der->length > 0 && der->length > DES_BLOCK_SIZE &&
* (der->length % DES_BLOCK_SIZE) != 0) * (der->length % DES_BLOCK_SIZE) != 0)
* and assuming the last value signifies the number of * and assuming the last value signifies the number of
* padded bytes IE if last value is 0x08 then there are * padded bytes IE if last value is 0x08 then there are
@ -10682,9 +10682,10 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
* der->length -= padVal; * der->length -= padVal;
*/ */
if (der->length > 0 && if (der->length > 0 &&
der->length > DES_BLOCK_SIZE &&
(der->length % DES_BLOCK_SIZE) != 0) { (der->length % DES_BLOCK_SIZE) != 0) {
padVal = der->buffer[der->length-1]; padVal = der->buffer[der->length-1];
if (padVal <= DES_BLOCK_SIZE) { if (padVal < DES_BLOCK_SIZE) {
der->length -= padVal; der->length -= padVal;
} }
} }