fix check on RSA key size

2026-03-06 22:44:04 +01:00 · 2016-04-14 09:33:25 -06:00
parent 4d38813b0c
commit f998851642
4 changed files with 66 additions and 12 deletions
--- a/wolfcrypt/user-crypto/src/rsa.c
+++ b/wolfcrypt/user-crypto/src/rsa.c
@@ -528,20 +528,33 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
 static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
                   word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
 {
-    if (inputLen == 0)
-        return 0;
+    if (inputLen == 0 || pkcsBlockLen == 0) {
+        return USER_CRYPTO_ERROR;
+    }

    pkcsBlock[0] = 0x0;       /* set first byte to zero and advance */
    pkcsBlock++; pkcsBlockLen--;
    pkcsBlock[0] = padValue;  /* insert padValue */

-    if (padValue == RSA_BLOCK_TYPE_1)
+    if (padValue == RSA_BLOCK_TYPE_1) {
+        if (pkcsBlockLen < inputLen + 2) {
+            return USER_CRYPTO_ERROR;
+        }
+
        /* pad with 0xff bytes */
        XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
+    }
    else {
        /* pad with non-zero random bytes */
-        word32 padLen = pkcsBlockLen - inputLen - 1, i;
-        int    ret    = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
+        word32 padLen, i;
+        int    ret;
+
+        if (pkcsBlockLen < inputLen + 1) {
+            return USER_CRYPTO_ERROR;
+        }
+
+        padLen = pkcsBlockLen - inputLen - 1;
+        ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);

        if (ret != 0)
            return ret;
@@ -568,6 +581,10 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
           i = 1,
           outputLen;

+    if (pkcsBlockLen == 0) {
+        return USER_CRYPTO_ERROR;
+    }
+
    if (pkcsBlock[0] != 0x0) /* skip past zero */
        invalid = 1;
    pkcsBlock++; pkcsBlockLen--;
@@ -1612,6 +1629,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
        return USER_CRYPTO_ERROR;
    }

+    if (sz < RSA_MIN_PAD_SZ) {
+        USER_DEBUG(("Key size is too small\n"));
+        return USER_CRYPTO_ERROR;
+    }
+
    if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) {
        USER_DEBUG(("Bad argument inLen to wc_RsaSSL_Sign\n"));
        return USER_CRYPTO_ERROR;