forked from wolfSSL/wolfssl
Fixed possible memory leak on signature wrapper ASN encode and corrected the maximum header size. Added new MAX_ENCODED_HEADER_SZ which is the maximum encoded ASN header size and update asn.c to use it. Added comment about key size sanity check. Renamed wc_SignatureRsaEncode to wc_SignatureAsnEncode.
This commit is contained in:
David Garske
@@ -7023,7 +7023,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
|
|||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
byte* encSig;
|
byte* encSig;
|
||||||
#else
|
#else
|
||||||
byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ];
|
byte encSig[MAX_ENCODED_HEADER_SZ];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
(void)digest;
|
(void)digest;
|
||||||
@@ -7085,7 +7085,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
|
|||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
encSig = (byte*)XMALLOC(MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
|
encSig = (byte*)XMALLOC(MAX_ENCODED_HEADER_SZ,
|
||||||
NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if (encSig == NULL)
|
if (encSig == NULL)
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
|
|||||||
@@ -47,7 +47,7 @@
|
|||||||
#ifndef NO_SIG_WRAPPER
|
#ifndef NO_SIG_WRAPPER
|
||||||
|
|
||||||
#if !defined(NO_RSA) && !defined(NO_ASN)
|
#if !defined(NO_RSA) && !defined(NO_ASN)
|
||||||
static int wc_SignatureRsaEncode(enum wc_HashType hash_type, byte** hash_data,
|
static int wc_SignatureAsnEncode(enum wc_HashType hash_type, byte** hash_data,
|
||||||
word32* hash_len)
|
word32* hash_len)
|
||||||
{
|
{
|
||||||
int ret = wc_HashGetOID(hash_type);
|
int ret = wc_HashGetOID(hash_type);
|
||||||
@@ -55,7 +55,7 @@ static int wc_SignatureRsaEncode(enum wc_HashType hash_type, byte** hash_data,
|
|||||||
int oid = ret;
|
int oid = ret;
|
||||||
|
|
||||||
/* Allocate buffer for hash and encoded ASN header */
|
/* Allocate buffer for hash and encoded ASN header */
|
||||||
word32 digest_len = *hash_len + MAX_ALGO_SZ;
|
word32 digest_len = *hash_len + MAX_ENCODED_HEADER_SZ;
|
||||||
byte *digest_buf = (byte*)XMALLOC(digest_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
byte *digest_buf = (byte*)XMALLOC(digest_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if (digest_buf) {
|
if (digest_buf) {
|
||||||
ret = wc_EncodeSignature(digest_buf, *hash_data, *hash_len, oid);
|
ret = wc_EncodeSignature(digest_buf, *hash_data, *hash_len, oid);
|
||||||
@@ -67,6 +67,9 @@ static int wc_SignatureRsaEncode(enum wc_HashType hash_type, byte** hash_data,
|
|||||||
*hash_data = digest_buf;
|
*hash_data = digest_buf;
|
||||||
*hash_len = digest_len;
|
*hash_len = digest_len;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
XFREE(digest_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
ret = MEMORY_E;
|
ret = MEMORY_E;
|
||||||
@@ -88,6 +91,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
|
|||||||
switch(sig_type) {
|
switch(sig_type) {
|
||||||
case WC_SIGNATURE_TYPE_ECC:
|
case WC_SIGNATURE_TYPE_ECC:
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
|
/* Santity check that void* key is at least ecc_key in size */
|
||||||
if (key_len >= sizeof(ecc_key)) {
|
if (key_len >= sizeof(ecc_key)) {
|
||||||
sig_len = wc_ecc_sig_size((ecc_key*)key);
|
sig_len = wc_ecc_sig_size((ecc_key*)key);
|
||||||
}
|
}
|
||||||
@@ -102,6 +106,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
|
|||||||
case WC_SIGNATURE_TYPE_RSA_W_ENC:
|
case WC_SIGNATURE_TYPE_RSA_W_ENC:
|
||||||
case WC_SIGNATURE_TYPE_RSA:
|
case WC_SIGNATURE_TYPE_RSA:
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
|
/* Santity check that void* key is at least RsaKey in size */
|
||||||
if (key_len >= sizeof(RsaKey)) {
|
if (key_len >= sizeof(RsaKey)) {
|
||||||
sig_len = wc_RsaEncryptSize((RsaKey*)key);
|
sig_len = wc_RsaEncryptSize((RsaKey*)key);
|
||||||
}
|
}
|
||||||
@@ -183,7 +188,7 @@ int wc_SignatureVerify(
|
|||||||
ret = SIG_TYPE_E;
|
ret = SIG_TYPE_E;
|
||||||
break;
|
break;
|
||||||
#else
|
#else
|
||||||
ret = wc_SignatureRsaEncode(hash_type, &hash_data, &hash_len);
|
ret = wc_SignatureAsnEncode(hash_type, &hash_data, &hash_len);
|
||||||
/* Check for error */
|
/* Check for error */
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
break;
|
break;
|
||||||
@@ -300,7 +305,7 @@ int wc_SignatureGenerate(
|
|||||||
ret = SIG_TYPE_E;
|
ret = SIG_TYPE_E;
|
||||||
break;
|
break;
|
||||||
#else
|
#else
|
||||||
ret = wc_SignatureRsaEncode(hash_type, &hash_data, &hash_len);
|
ret = wc_SignatureAsnEncode(hash_type, &hash_data, &hash_len);
|
||||||
/* Check for error */
|
/* Check for error */
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -166,6 +166,7 @@ enum Misc_ASN {
|
|||||||
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
|
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
|
||||||
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
|
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
|
||||||
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
|
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
|
||||||
|
MAX_ENCODED_HEADER_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum encoded signature header size */
|
||||||
#ifdef WOLFSSL_CERT_GEN
|
#ifdef WOLFSSL_CERT_GEN
|
||||||
#ifdef WOLFSSL_CERT_REQ
|
#ifdef WOLFSSL_CERT_REQ
|
||||||
/* Max encoded cert req attributes length */
|
/* Max encoded cert req attributes length */
|
||||||
|
|||||||
Reference in New Issue
Block a user