Merge pull request #4091 from JacobBarthelmeh/Testing

add strict check on signature length
2025-07-29 18:27:29 +02:00 · 2021-06-07 11:02:02 -07:00
parent 898b9d5e24 f97ca1c1ca
commit 3e307aa626
2 changed files with 34 additions and 0 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -21038,12 +21038,14 @@ static int test_wc_ecc_signVerify_hash (void)
    #endif
    word32      siglen = ECC_BUFSIZE;
    byte        sig[ECC_BUFSIZE];
+    byte        adjustedSig[ECC_BUFSIZE+1];
    byte        digest[] = TEST_STRING;
    word32      digestlen = (word32)TEST_STRING_SZ;

    /* Init stack var */
    XMEMSET(sig, 0, siglen);
    XMEMSET(&key, 0, sizeof(key));
+    XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);

    /* Init structs. */
    ret = wc_InitRng(&rng);
@ -21095,6 +21097,20 @@ static int test_wc_ecc_signVerify_hash (void)
        if (verify != 1 && ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
+
+        /* test check on length of signature passed in */
+        XMEMCPY(adjustedSig, sig, siglen);
+        adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/
+#ifndef NO_STRICT_ECDSA_LEN
+        AssertIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
+                    &verify, &key), 0);
+#else
+        /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
+         * is allowed */
+        AssertIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
+                    &verify, &key), 0);
+#endif
+
        /* Test bad args. */
        if (ret == 0) {
            verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen,
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -15964,6 +15964,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
    if (s)
        XMEMCPY(s, (byte*)sig + idx, len);

+#ifndef NO_STRICT_ECDSA_LEN
+    /* sanity check that the index has been advanced all the way to the end of
+     * the buffer */
+    if (idx + len != sigLen) {
+        ret = ASN_ECC_KEY_E;
+    }
+#endif
+
    return ret;
 }
 #endif
@ -15999,6 +16007,16 @@ int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s)
        return ASN_ECC_KEY_E;
    }

+#ifndef NO_STRICT_ECDSA_LEN
+    /* sanity check that the index has been advanced all the way to the end of
+     * the buffer */
+    if (idx != sigLen) {
+        mp_clear(r);
+        mp_clear(s);
+        return ASN_ECC_KEY_E;
+    }
+#endif
+
    return 0;
 }
 #endif