feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

sanity check on length in wolfSSL_BN_rand

Browse Source
This commit is contained in:
Jacob Barthelmeh
2021-03-17 13:41:27 +07:00
parent 6995f6dedc
commit d439694eb6
2 changed files with 49 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/ssl.c
View File

@ -50833,7 +50833,7 @@ int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{ {
int ret = 0; int ret = 0;
int len = bits / 8; int len;
int initTmpRng = 0; int initTmpRng = 0;
WC_RNG* rng = NULL; WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -50848,9 +50848,19 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
(void)bottom; (void)bottom;
WOLFSSL_MSG("wolfSSL_BN_rand"); WOLFSSL_MSG("wolfSSL_BN_rand");
if (bits <= 0) {
return WOLFSSL_FAILURE;
}
len = bits / 8;
if (bits % 8) if (bits % 8)
len++; len++;
/* has to be a length of at least 1 since we set buf[0] and buf[len-1] */
if (len < 1) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
@ -50906,7 +50916,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{ {
int ret = 0; int ret = 0;
int len = bits / 8; int len;
int initTmpRng = 0; int initTmpRng = 0;
WC_RNG* rng = NULL; WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -50917,11 +50927,23 @@ int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
byte buff[1024]; byte buff[1024];
#endif #endif
WOLFSSL_MSG("wolfSSL_BN_rand"); WOLFSSL_MSG("wolfSSL_BN_pseudo_rand");
if (bits <= 0) {
return WOLFSSL_FAILURE;
}
len = bits / 8;
if (bits % 8) if (bits % 8)
len++; len++;
/* has to be a length of at least 1 since we set buf[0] and buf[len-1] */
if (top == 1 || top == 0 || bottom == 1) {
if (len < 1) {
return WOLFSSL_FAILURE;
}
}
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);

24
tests/api.c
View File

@ -30458,6 +30458,29 @@ static void test_wolfSSL_RAND_bytes(void)
#endif #endif
} }
static void test_wolfSSL_BN_rand(void)
{
#if defined(OPENSSL_EXTRA)
BIGNUM* bn;
printf(testingFmt, "wolfSSL_BN_rand()");
AssertNotNull(bn = BN_new());
AssertIntNE(BN_rand(bn, 0, 0, 0), SSL_SUCCESS);
BN_free(bn);
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS);
BN_free(bn);
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS);
BN_free(bn);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_pseudo_rand(void) static void test_wolfSSL_pseudo_rand(void)
{ {
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
@ -41550,6 +41573,7 @@ void ApiTest(void)
test_wolfSSL_CTX_set_ecdh_auto(); test_wolfSSL_CTX_set_ecdh_auto();
test_wolfSSL_THREADID_hash(); test_wolfSSL_THREADID_hash();
test_wolfSSL_RAND_bytes(); test_wolfSSL_RAND_bytes();
test_wolfSSL_BN_rand();
test_wolfSSL_pseudo_rand(); test_wolfSSL_pseudo_rand();
test_wolfSSL_PKCS8_Compat(); test_wolfSSL_PKCS8_Compat();
test_wolfSSL_PKCS8_d2i(); test_wolfSSL_PKCS8_d2i();