wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-05-05 11:14:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

ECC sign hash: only allow up to max digest size

Browse Source 
Validate that the hash passed in is of an appropriate length - not
greater than the maximum digest size.
This commit is contained in:
Sean Parkinson
2025-11-13 11:21:17 +10:00
parent 5a8411a1ad
commit 6c30186168
3 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/api/test_ecc.c
+8
View File
@@ -429,6 +429,10 @@ int test_wc_ecc_signVerify_hash(void)
WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL),
WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
#if (!defined(HAVE_FIPS) || FIPS_VERSION_GT(7,0)) && !defined(HAVE_SELFTEST)
ExpectIntEQ(wc_ecc_sign_hash(digest, WC_MAX_DIGEST_SIZE+1, sig, &siglen,
&rng, &key), WC_NO_ERR_TRACE(BAD_LENGTH_E));
#endif
#ifdef HAVE_ECC_VERIFY
ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
@@ -457,6 +461,10 @@ int test_wc_ecc_signVerify_hash(void)
WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
#if (!defined(HAVE_FIPS) || FIPS_VERSION_GT(7,0)) && !defined(HAVE_SELFTEST)
ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, WC_MAX_DIGEST_SIZE+1,
&verify, &key), WC_NO_ERR_TRACE(BAD_LENGTH_E));
#endif
#endif /* HAVE_ECC_VERIFY */
DoExpectIntEQ(wc_FreeRng(&rng), 0);