wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 13:44:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1402 from JacobBarthelmeh/Testing

Browse Source 
Improve bounds and sanity checks
This commit is contained in:
toddouska
2018-02-28 09:45:19 -08:00
committed by GitHub
parent 02970c9a11 25e7dbd17a
commit b6aae0c2d1
1 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
wolfcrypt/src/asn.c
View File

@@ -11128,6 +11128,7 @@ static void ByteToHex(byte n, char* str)
str[1] = hexChar[n & 0xf]; str[1] = hexChar[n & 0xf];
} }
/* returns 0 on success */
static int ASNToHexString(const byte* input, word32* inOutIdx, char** out, static int ASNToHexString(const byte* input, word32* inOutIdx, char** out,
word32 inSz, void* heap, int heapType) word32 inSz, void* heap, int heapType)
{ {
@@ -11135,6 +11136,10 @@ static int ASNToHexString(const byte* input, word32* inOutIdx, char** out,
int i; int i;
char* str; char* str;
if (*inOutIdx >= inSz) {
return BUFFER_E;
}
if (input[*inOutIdx] == ASN_INTEGER) { if (input[*inOutIdx] == ASN_INTEGER) {
if (GetASNInt(input, inOutIdx, &len, inSz) < 0) if (GetASNInt(input, inOutIdx, &len, inSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
@@ -11177,6 +11182,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
if (ret != 0) if (ret != 0)
return ret; return ret;
if (*inOutIdx >= inSz) {
return BUFFER_E;
}
if (input[*inOutIdx] == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { if (input[*inOutIdx] == (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
#ifdef WOLFSSL_CUSTOM_CURVES #ifdef WOLFSSL_CUSTOM_CURVES
ecc_set_type* curve; ecc_set_type* curve;
@@ -11224,23 +11233,33 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
key->heap, DYNAMIC_TYPE_ECC_BUFFER); key->heap, DYNAMIC_TYPE_ECC_BUFFER);
} }
if (ret == 0) { if (ret == 0) {
if (input[*inOutIdx] == ASN_BIT_STRING) { if (*inOutIdx < inSz && input[*inOutIdx] == ASN_BIT_STRING) {
len = 0; len = 0;
ret = GetASNHeader(input, ASN_BIT_STRING, inOutIdx, &len, inSz); ret = GetASNHeader(input, ASN_BIT_STRING, inOutIdx, &len, inSz);
inOutIdx += len; *inOutIdx += len;
} }
} }
if (ret == 0) { if (ret == 0) {
ret = ASNToHexString(input, inOutIdx, (char**)&point, inSz, ret = ASNToHexString(input, inOutIdx, (char**)&point, inSz,
key->heap, DYNAMIC_TYPE_ECC_BUFFER); key->heap, DYNAMIC_TYPE_ECC_BUFFER);
/* sanity check that point buffer is not smaller than the expected
* size to hold ( 0 4 || Gx || Gy )
* where Gx and Gy are each the size of curve->size * 2 */
if (ret == 0 && (int)XSTRLEN(point) < (curve->size * 4) + 2) {
XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER);
ret = BUFFER_E;
}
} }
if (ret == 0) { if (ret == 0) {
curve->Gx = (const char*)XMALLOC(curve->size * 2 + 2, key->heap, curve->Gx = (const char*)XMALLOC(curve->size * 2 + 2, key->heap,
DYNAMIC_TYPE_ECC_BUFFER); DYNAMIC_TYPE_ECC_BUFFER);
curve->Gy = (const char*)XMALLOC(curve->size * 2 + 2, key->heap, curve->Gy = (const char*)XMALLOC(curve->size * 2 + 2, key->heap,
DYNAMIC_TYPE_ECC_BUFFER); DYNAMIC_TYPE_ECC_BUFFER);
if (curve->Gx == NULL || curve->Gy == NULL) if (curve->Gx == NULL || curve->Gy == NULL) {
XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER);
ret = MEMORY_E; ret = MEMORY_E;
}
} }
if (ret == 0) { if (ret == 0) {
XMEMCPY((char*)curve->Gx, point + 2, curve->size * 2); XMEMCPY((char*)curve->Gx, point + 2, curve->size * 2);