diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs b/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs index 791f40b036..d0e3fefc79 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs @@ -985,6 +985,10 @@ impl ECC { /// ``` #[cfg(ecc_import)] pub fn import_unsigned(qx: &[u8], qy: &[u8], d: &[u8], curve_id: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let curve_size = Self::get_curve_size_from_id(curve_id)? as usize; + if qx.len() < curve_size || qy.len() < curve_size || d.len() < curve_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } let heap = heap.unwrap_or(core::ptr::null_mut()); let dev_id = dev_id.unwrap_or(sys::INVALID_DEVID); let wc_ecc_key = Self::new_ecc_key(heap, dev_id)?; diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs index 3e7a0ef79d..8bc3d369c1 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs @@ -9,6 +9,8 @@ use std::rc::Rc; use wolfssl_wolfcrypt::ecc::*; #[cfg(random)] use wolfssl_wolfcrypt::random::RNG; +#[cfg(ecc_import)] +use wolfssl_wolfcrypt::sys; #[test] #[cfg(random)] @@ -292,6 +294,33 @@ fn test_ecc_import_unsigned() { assert_eq!(valid, true); } +#[test] +#[cfg(ecc_import)] +fn test_ecc_import_unsigned_short_slices() { + common::setup(); + + let curve_id = ECC::SECP256R1; + let qx = [0u8; 32]; + let qy = [0u8; 32]; + let d = [0u8; 32]; + let empty: [u8; 0] = []; + + let cases: [(&[u8], &[u8], &[u8]); 6] = [ + (&qx[..31], &qy, &d ), + (&qx, &qy[..31], &d ), + (&qx, &qy, &d[..31] ), + (&empty, &qy, &d ), + (&qx, &empty, &d ), + (&qx, &qy, &empty ), + ]; + for (qx, qy, d) in cases { + match ECC::import_unsigned(qx, qy, d, curve_id, None, None) { + Ok(_) => panic!("import_unsigned() should fail with short slice"), + Err(rc) => assert_eq!(rc, sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG), + } + } +} + #[test] #[cfg(random)] fn test_ecc_make_pub() {