reject negative pemSz in PEM-to-DER APIs

Jeremiah Mackey
2026-04-15 16:18:41 +00:00
parent b44d8c66d7
commit bdebcfc5a0
2 changed files with 17 additions and 3 deletions
+14
@@ -11869,6 +11869,10 @@ static int test_wc_CertPemToDer(void)
(int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1,
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_CertPemToDer(cert_buf, -1, cert_der, (int)cert_dersz,
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_CertPemToDer(cert_buf, 0, cert_der, (int)cert_dersz,
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
if (cert_der != NULL)
free(cert_der);
@@ -11925,6 +11929,12 @@ static int test_wc_KeyPemToDer(void)
ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Bad arg: negative or zero pemSz */
ExpectIntEQ(wc_KeyPemToDer(cert_buf, -1, (byte*)&cert_der, cert_sz, ""),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_KeyPemToDer(cert_buf, 0, (byte*)&cert_der, cert_sz, ""),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* Test normal operation */
cert_dersz = cert_sz; /* DER will be smaller than PEM */
ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz));
@@ -11968,6 +11978,10 @@ static int test_wc_PubKeyPemToDer(void)
ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0);
cert_dersz = cert_sz; /* DER will be smaller than PEM */
ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, -1, cert_der, (int)cert_dersz),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, 0, cert_der, (int)cert_dersz),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der,
(int)cert_dersz), 0);
if (cert_der != NULL) {
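Review bot: In test_wc_KeyPemToDer the two new calls pass `(byte*)&cert_der` together with `cert_sz` as the output size, so the destination is the pointer variable itself while the declared capacity is the PEM file length. The test stays memory-safe only because the function is expected to return BAD_FUNC_ARG before writing anything; if the pemSz guard ever regresses, the failure would be an out-of-bounds write in the test rather than a clean assertion failure. It would be safer to move both cases below the `malloc` a few lines further down and pass the real buffer, e.g. `wc_KeyPemToDer(cert_buf, -1, cert_der, (int)cert_dersz, "")` and the same with `0`, as the wc_PubKeyPemToDer hunk already does. The existing `buffSz == 0` case just above uses the same `&cert_der` pattern, and all three test functions begin and end outside the hunks shown.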
+3 -3
@@ -24322,7 +24322,7 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
WOLFSSL_ENTER("wc_KeyPemToDer");
if (pem == NULL || (buff != NULL && buffSz <= 0)) {
if (pem == NULL || (buff != NULL && buffSz <= 0) || pemSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
@@ -24373,7 +24373,7 @@ int wc_CertPemToDer(const unsigned char* pem, int pemSz,
WOLFSSL_ENTER("wc_CertPemToDer");
if (pem == NULL || buff == NULL || buffSz <= 0) {
if (pem == NULL || buff == NULL || buffSz <= 0 || pemSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
@@ -24420,7 +24420,7 @@ int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
WOLFSSL_ENTER("wc_PubKeyPemToDer");
if (pem == NULL || (buff != NULL && buffSz <= 0)) {
if (pem == NULL || (buff != NULL && buffSz <= 0) || pemSz <= 0) {
WOLFSSL_MSG("Bad pem der args");
return BAD_FUNC_ARG;
}
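Review bot: The new guard in wc_KeyPemToDer, wc_CertPemToDer and wc_PubKeyPemToDer rejects `pemSz == 0` as well as negative values, while the commit title mentions only negative sizes. Callers that pass an empty buffer now get BAD_FUNC_ARG instead of whatever error the PEM parser returned before, so the API documentation for the three functions should say so. A short comment at each guard would record why the check exists, for example `/* pemSz is a caller-supplied signed int: reject <= 0 before it is used as a length */`. The bodies of all three functions continue outside the hunks, so how the size is used after the guard cannot be confirmed from here. If other entry points reach the same PEM parsing code with a signed length, validating it there as well would cover them in one place.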