Fixed possible memory leak on signature wrapper ASN encode and corrected the maximum header size. Added new MAX_ENCODED_HEADER_SZ, which is the maximum encoded ASN header size, and updated asn.c to use it. Added comment about key size sanity check. Renamed wc_SignatureRsaEncode to wc_SignatureAsnEncode.

David Garske
2016-02-05 16:01:42 -08:00
parent be99fcff43
commit d5f410523a
3 changed files with 12 additions and 6 deletions


@@ -7023,7 +7023,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
#ifdef WOLFSSL_SMALL_STACK
byte* encSig;
#else
byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ];
byte encSig[MAX_ENCODED_HEADER_SZ];
#endif
(void)digest;
@@ -7085,7 +7085,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
return ret;
#ifdef WOLFSSL_SMALL_STACK
encSig = (byte*)XMALLOC(MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
encSig = (byte*)XMALLOC(MAX_ENCODED_HEADER_SZ,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (encSig == NULL)
return MEMORY_E;


@@ -47,7 +47,7 @@
#ifndef NO_SIG_WRAPPER
#if !defined(NO_RSA) && !defined(NO_ASN)
static int wc_SignatureRsaEncode(enum wc_HashType hash_type, byte** hash_data,
static int wc_SignatureAsnEncode(enum wc_HashType hash_type, byte** hash_data,
word32* hash_len)
{
int ret = wc_HashGetOID(hash_type);
@@ -55,7 +55,7 @@ static int wc_SignatureRsaEncode(enum wc_HashType hash_type, byte** hash_data,
int oid = ret;
/* Allocate buffer for hash and encoded ASN header */
word32 digest_len = *hash_len + MAX_ALGO_SZ;
word32 digest_len = *hash_len + MAX_ENCODED_HEADER_SZ;
byte *digest_buf = (byte*)XMALLOC(digest_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (digest_buf) {
ret = wc_EncodeSignature(digest_buf, *hash_data, *hash_len, oid);
@@ -67,6 +67,9 @@ static int wc_SignatureRsaEncode(enum wc_HashType hash_type, byte** hash_data,
*hash_data = digest_buf;
*hash_len = digest_len;
}
else {
XFREE(digest_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
}
else {
ret = MEMORY_E;
@@ -88,6 +91,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
switch(sig_type) {
case WC_SIGNATURE_TYPE_ECC:
#ifdef HAVE_ECC
/* Santity check that void* key is at least ecc_key in size */
if (key_len >= sizeof(ecc_key)) {
sig_len = wc_ecc_sig_size((ecc_key*)key);
}
@@ -102,6 +106,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
case WC_SIGNATURE_TYPE_RSA_W_ENC:
case WC_SIGNATURE_TYPE_RSA:
#ifndef NO_RSA
/* Santity check that void* key is at least RsaKey in size */
if (key_len >= sizeof(RsaKey)) {
sig_len = wc_RsaEncryptSize((RsaKey*)key);
}
@@ -183,7 +188,7 @@ int wc_SignatureVerify(
ret = SIG_TYPE_E;
break;
#else
ret = wc_SignatureRsaEncode(hash_type, &hash_data, &hash_len);
ret = wc_SignatureAsnEncode(hash_type, &hash_data, &hash_len);
/* Check for error */
if (ret < 0) {
break;
@@ -300,7 +305,7 @@ int wc_SignatureGenerate(
ret = SIG_TYPE_E;
break;
#else
ret = wc_SignatureRsaEncode(hash_type, &hash_data, &hash_len);
ret = wc_SignatureAsnEncode(hash_type, &hash_data, &hash_len);
/* Check for error */
if (ret < 0) {
break;
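Review bot: On the success path of wc_SignatureAsnEncode, `*hash_data = digest_buf;` overwrites the caller's pointer, and nothing shown in this section releases the buffer it pointed to before, so the leak fix in the new `else` branch may cover only the failure path. The lines between the second and third hunks and the callers' allocation of `hash_data` are not visible here, so this needs confirming. If wc_SignatureVerify and wc_SignatureGenerate heap-allocate that buffer, the function should free it first, e.g. `XFREE(*hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);` ahead of the reassignment, or its header comment should state who owns each buffer afterwards. Separately, both added comments in wc_SignatureGetSize misspell the first word, which should read `/* Sanity check that void* key is at least ecc_key in size */`.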


@@ -166,6 +166,7 @@ enum Misc_ASN {
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
MAX_ENCODED_HEADER_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum encoded signature header size */
#ifdef WOLFSSL_CERT_GEN
#ifdef WOLFSSL_CERT_REQ
/* Max encoded cert req attributes length */