wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5309 from kareem-wolfssl/arrayBoundFix

Browse Source 
Pass in and check output length in SetCurve.
This commit is contained in:
David Garske
2022-07-01 18:58:42 -07:00
committed by GitHub
parent bd75e1d6a4 90749b7f88
commit 6c7db7318e
3 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/internal.c
View File

@ -17957,7 +17957,7 @@ int ProcessReply(WOLFSSL* ssl)
closed and the endpoint wants to check for an alert sent by the other end. */ closed and the endpoint wants to check for an alert sent by the other end. */
int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
{ {
int ret = 0, type, readSz; int ret = 0, type = internal_error, readSz;
int atomicUser = 0; int atomicUser = 0;
word32 startIdx = 0; word32 startIdx = 0;
#if defined(WOLFSSL_DTLS) #if defined(WOLFSSL_DTLS)

23
wolfcrypt/src/asn.c
View File

@ -13288,7 +13288,7 @@ word32 SetExplicit(byte number, word32 len, byte* output)
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
static int SetCurve(ecc_key* key, byte* output) static int SetCurve(ecc_key* key, byte* output, size_t outSz)
{ {
#ifdef HAVE_OID_ENCODING #ifdef HAVE_OID_ENCODING
int ret; int ret;
@ -13323,6 +13323,8 @@ static int SetCurve(ecc_key* key, byte* output)
return ret; return ret;
} }
#else #else
if (oidSz > outSz)
return BUFFER_E;
XMEMCPY(output+idx, key->dp->oid, oidSz); XMEMCPY(output+idx, key->dp->oid, oidSz);
#endif #endif
idx += oidSz; idx += oidSz;
@ -22108,7 +22110,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
/* headers */ /* headers */
if (with_header) { if (with_header) {
curveSz = SetCurve(key, NULL); curveSz = SetCurve(key, NULL, 0);
if (curveSz <= 0) { if (curveSz <= 0) {
return curveSz; return curveSz;
} }
@ -22131,7 +22133,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
idx += algoSz; idx += algoSz;
/* curve */ /* curve */
if (output) if (output)
(void)SetCurve(key, output + idx); (void)SetCurve(key, output + idx, curveSz);
idx += curveSz; idx += curveSz;
/* bit string */ /* bit string */
if (output) if (output)
@ -22155,7 +22157,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
word32 pubSz = 0; word32 pubSz = 0;
int sz = 0; int sz = 0;
int ret = 0; int ret = 0;
int curveIdSz; int curveIdSz = 0;
byte* curveOid = NULL; byte* curveOid = NULL;
/* Check key validity. */ /* Check key validity. */
@ -22180,7 +22182,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
CALLOC_ASNSETDATA(dataASN, eccPublicKeyASN_Length, ret, key->heap); CALLOC_ASNSETDATA(dataASN, eccPublicKeyASN_Length, ret, key->heap);
/* Get the length of the named curve OID to put into the encoding. */ /* Get the length of the named curve OID to put into the encoding. */
curveIdSz = SetCurve(key, NULL); curveIdSz = SetCurve(key, NULL, 0);
if (curveIdSz < 0) { if (curveIdSz < 0) {
ret = curveIdSz; ret = curveIdSz;
} }
@ -22228,7 +22230,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
if ((ret == 0) && (output != NULL)) { if ((ret == 0) && (output != NULL)) {
/* Put named curve OID data into encoding. */ /* Put named curve OID data into encoding. */
curveIdSz = SetCurve(key, curveOid); curveIdSz = SetCurve(key, curveOid, curveIdSz);
if (curveIdSz < 0) { if (curveIdSz < 0) {
ret = curveIdSz; ret = curveIdSz;
} }
@ -29154,7 +29156,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
/* curve */ /* curve */
curve[curveidx++] = ECC_PREFIX_0; curve[curveidx++] = ECC_PREFIX_0;
curveidx++ /* to put the size after computation */; curveidx++ /* to put the size after computation */;
curveSz = SetCurve(key, curve+curveidx); curveSz = SetCurve(key, curve+curveidx, MAX_ALGO_SZ);
if (curveSz < 0) if (curveSz < 0)
return curveSz; return curveSz;
/* set computed size */ /* set computed size */
@ -29304,7 +29306,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
word32 privSz, pubSz; word32 privSz, pubSz;
int sz = 0; int sz = 0;
int ret = 0; int ret = 0;
int curveIdSz; int curveIdSz = 0;
/* Check validity of parameters. */ /* Check validity of parameters. */
if ((key == NULL) || ((output == NULL) && (inLen == NULL))) { if ((key == NULL) || ((output == NULL) && (inLen == NULL))) {
@ -29337,7 +29339,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
SetASN_Buffer(&dataASN[ECCKEYASN_IDX_PKEY], NULL, privSz); SetASN_Buffer(&dataASN[ECCKEYASN_IDX_PKEY], NULL, privSz);
if (curveIn) { if (curveIn) {
/* Get length of the named curve OID to put into the encoding. */ /* Get length of the named curve OID to put into the encoding. */
curveIdSz = SetCurve(key, NULL); curveIdSz = SetCurve(key, NULL, 0);
if (curveIdSz < 0) { if (curveIdSz < 0) {
ret = curveIdSz; ret = curveIdSz;
} }
@ -29381,7 +29383,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
if (curveIn) { if (curveIn) {
/* Put named curve OID data into encoding. */ /* Put named curve OID data into encoding. */
curveIdSz = SetCurve(key, curveIdSz = SetCurve(key,
(byte*)dataASN[ECCKEYASN_IDX_CURVEID].data.buffer.data); (byte*)dataASN[ECCKEYASN_IDX_CURVEID].data.buffer.data,
curveIdSz);
if (curveIdSz < 0) { if (curveIdSz < 0) {
ret = curveIdSz; ret = curveIdSz;
} }

2
wolfcrypt/test/test.c
View File

@ -413,7 +413,9 @@ WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void);
static int hkdf_test(void); static int hkdf_test(void);
#endif #endif
WOLFSSL_TEST_SUBROUTINE int sshkdf_test(void); WOLFSSL_TEST_SUBROUTINE int sshkdf_test(void);
#ifdef WOLFSSL_TLS13
WOLFSSL_TEST_SUBROUTINE int tls13_kdf_test(void); WOLFSSL_TEST_SUBROUTINE int tls13_kdf_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void); WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void);
WOLFSSL_TEST_SUBROUTINE int arc4_test(void); WOLFSSL_TEST_SUBROUTINE int arc4_test(void);
#ifdef WC_RC2 #ifdef WC_RC2