From c245c4a81263f07ddb2fce1a429d01293b68789c Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Sat, 5 Jun 2021 03:09:33 +0700
Subject: [PATCH 1/2] add strict check on signature length

---
 tests/api.c         | 15 +++++++++++++++
 wolfcrypt/src/asn.c | 14 ++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/tests/api.c b/tests/api.c
index 2e38a75d6..4838780a4 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -21038,6 +21038,7 @@ static int test_wc_ecc_signVerify_hash (void)
     #endif
     word32      siglen = ECC_BUFSIZE;
     byte        sig[ECC_BUFSIZE];
+    byte        adjustedSig[ECC_BUFSIZE+1];
     byte        digest[] = TEST_STRING;
     word32      digestlen = (word32)TEST_STRING_SZ;
 
@@ -21095,6 +21096,20 @@ static int test_wc_ecc_signVerify_hash (void)
         if (verify != 1 && ret == 0) {
             ret = WOLFSSL_FATAL_ERROR;
         }
+
+        /* test check on length of signature passed in */
+        XMEMCPY(adjustedSig, sig, siglen);
+        adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/
+#ifndef NO_STRICT_ECDSA_LEN
+        AssertIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
+                    &verify, &key), 0);
+#else
+        /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
+         * is allowed */
+        AssertIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
+                    &verify, &key), 0);
+#endif
+
         /* Test bad args. */
         if (ret == 0) {
             verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen,
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 9df7aaa3d..f52bbeb8d 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -15964,6 +15964,12 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
     if (s)
         XMEMCPY(s, (byte*)sig + idx, len);
 
+#ifndef NO_STRICT_ECDSA_LEN
+    if (idx + len != sigLen) {
+        ret = ASN_ECC_KEY_E;
+    }
+#endif
+
     return ret;
 }
 #endif
@@ -15999,6 +16005,14 @@ int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s)
         return ASN_ECC_KEY_E;
     }
 
+#ifndef NO_STRICT_ECDSA_LEN
+    if (idx != sigLen) {
+        mp_clear(r);
+        mp_clear(s);
+        return ASN_ECC_KEY_E;
+    }
+#endif
+
     return 0;
 }
 #endif

From f97ca1c1cae860a6c5fcae04dafa41e703d4518a Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 7 Jun 2021 19:44:05 +0700
Subject: [PATCH 2/2] adjust test case and add useful comments

---
 tests/api.c         | 1 +
 wolfcrypt/src/asn.c | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/tests/api.c b/tests/api.c
index 4838780a4..430bc1c35 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -21045,6 +21045,7 @@ static int test_wc_ecc_signVerify_hash (void)
     /* Init stack var */
     XMEMSET(sig, 0, siglen);
     XMEMSET(&key, 0, sizeof(key));
+    XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);
 
     /* Init structs. */
     ret = wc_InitRng(&rng);
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index f52bbeb8d..dad5d5c6b 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -15965,6 +15965,8 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
         XMEMCPY(s, (byte*)sig + idx, len);
 
 #ifndef NO_STRICT_ECDSA_LEN
+    /* sanity check that the index has been advanced all the way to the end of
+     * the buffer */
     if (idx + len != sigLen) {
         ret = ASN_ECC_KEY_E;
     }
@@ -16006,6 +16008,8 @@ int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s)
     }
 
 #ifndef NO_STRICT_ECDSA_LEN
+    /* sanity check that the index has been advanced all the way to the end of
+     * the buffer */
     if (idx != sigLen) {
         mp_clear(r);
         mp_clear(s);