diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs b/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs index 1141446865..021c0cd2d5 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs @@ -858,6 +858,10 @@ impl ECC { /// ``` #[cfg(ecc_import)] pub fn import_raw(qx: &[u8], qy: &[u8], d: &[u8], curve_name: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + if qx.is_empty() || qy.is_empty() || d.is_empty() || curve_name.is_empty() || + qx[qx.len() - 1] != 0 || qy[qy.len() - 1] != 0 || d[d.len() - 1] != 0 || curve_name[curve_name.len() - 1] != 0 { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } let heap = heap.unwrap_or(core::ptr::null_mut()); let dev_id = dev_id.unwrap_or(sys::INVALID_DEVID); let wc_ecc_key = Self::new_ecc_key(heap, dev_id)?; @@ -911,6 +915,10 @@ impl ECC { /// ``` #[cfg(ecc_import)] pub fn import_raw_ex(qx: &[u8], qy: &[u8], d: &[u8], curve_id: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + if qx.is_empty() || qy.is_empty() || d.is_empty() || + qx[qx.len() - 1] != 0 || qy[qy.len() - 1] != 0 || d[d.len() - 1] != 0 { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } let heap = heap.unwrap_or(core::ptr::null_mut()); let dev_id = dev_id.unwrap_or(sys::INVALID_DEVID); let wc_ecc_key = Self::new_ecc_key(heap, dev_id)?; diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs index 365913a3a5..423d5a8bbe 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs @@ -367,6 +367,34 @@ fn test_ecc_import() { ECC::import_raw_ex(qx, qy, d, ECC::SECP256R1, None, None).expect("Error with import_raw_ex()"); } +#[test] +#[cfg(ecc_import)] +fn test_ecc_import_raw_not_null_terminated() { + common::setup(); + + let qx = b"7a4e287890a1a47ad3457e52f2f76a83ce46cbc947616d0cbaa82323818a793d\0"; + let qy = b"eec4084f5b29ebf29c44cce3b3059610922f8b30ea6e8811742ac7238fe87308\0"; + let d = b"8c14b793cb19137e323a6d2e2a870bca2e7a493ec1153b3a95feb8a4873f8d08\0"; + let qx_no_nul: &[u8] = &qx[..qx.len() - 1]; + let qy_no_nul: &[u8] = &qy[..qy.len() - 1]; + let d_no_nul: &[u8] = &d[..d.len() - 1]; + let curve_name = b"SECP256R1\0"; + let curve_name_no_nul: &[u8] = b"SECP256R1"; + let empty: &[u8] = b""; + + assert!(ECC::import_raw(qx_no_nul, qy, d, curve_name, None, None).is_err()); + assert!(ECC::import_raw(qx, qy_no_nul, d, curve_name, None, None).is_err()); + assert!(ECC::import_raw(qx, qy, d_no_nul, curve_name, None, None).is_err()); + assert!(ECC::import_raw(qx, qy, d, curve_name_no_nul, None, None).is_err()); + assert!(ECC::import_raw(empty, qy, d, curve_name, None, None).is_err()); + assert!(ECC::import_raw(qx, qy, d, empty, None, None).is_err()); + + assert!(ECC::import_raw_ex(qx_no_nul, qy, d, ECC::SECP256R1, None, None).is_err()); + assert!(ECC::import_raw_ex(qx, qy_no_nul, d, ECC::SECP256R1, None, None).is_err()); + assert!(ECC::import_raw_ex(qx, qy, d_no_nul, ECC::SECP256R1, None, None).is_err()); + assert!(ECC::import_raw_ex(qx, qy, empty, ECC::SECP256R1, None, None).is_err()); +} + #[test] fn test_ecc_rs_hex_to_sig_not_null_terminated() { common::setup();