Skip to content

Commit 8961b60

Browse files
committed
Crypto layer: Add missing input validation
1 parent 18c9684 commit 8961b60

4 files changed

Lines changed: 29 additions & 8 deletions

File tree

wolfcrypt/src/dh.c

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1711,6 +1711,9 @@ int wc_DhCheckPubValue(const byte* prime, word32 primeSz, const byte* pub,
17111711
int ret = 0;
17121712
word32 i;
17131713

1714+
if (prime == NULL || pub == NULL)
1715+
return BAD_FUNC_ARG;
1716+
17141717
for (i = 0; i < pubSz && pub[i] == 0; i++) {
17151718
}
17161719
pubSz -= i;
@@ -1807,9 +1810,8 @@ int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
18071810

18081811
if (ret == 0) {
18091812
if (mp_iszero(q) == MP_NO) {
1810-
/* priv (x) shouldn't be greater than q - 1 */
1811-
if (mp_copy(&key->q, q) != MP_OKAY)
1812-
ret = MP_INIT_E;
1813+
/* priv (x) shouldn't be greater than q - 1.
1814+
q already set above; don't overwrite with key->q */
18131815
if (ret == 0) {
18141816
if (mp_sub_d(q, 1, q) != MP_OKAY)
18151817
ret = MP_SUB_E;

wolfcrypt/src/ecc.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10980,8 +10980,14 @@ static int _ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
1098010980
if (err == MP_OKAY) {
1098110981
#ifdef HAVE_COMP_KEY
1098210982
/* adjust inLen if compressed */
10983-
if (compressed)
10984-
inLen = inLen*2 + 1; /* used uncompressed len */
10983+
if (compressed) {
10984+
/* a compressed coordinate cannot exceed MAX_ECC_BYTES; bound it
10985+
* before doubling so inLen*2 + 1 cannot overflow word32. */
10986+
if (inLen > MAX_ECC_BYTES)
10987+
err = BAD_FUNC_ARG;
10988+
else
10989+
inLen = inLen*2 + 1; /* used uncompressed len */
10990+
}
1098510991
#endif
1098610992

1098710993
/* determine key size */

wolfcrypt/src/kdf.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,10 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
8787
Hmac hmac[1];
8888
#endif
8989

90+
if ((result == NULL && resLen != 0) || (secret == NULL && secLen != 0) ||
91+
(seed == NULL && seedLen != 0))
92+
return BAD_FUNC_ARG;
93+
9094
switch (hash) {
9195
#ifndef NO_MD5
9296
case md5_mac:
@@ -232,8 +236,11 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
232236
WC_DECLARE_VAR(sha_result, byte, MAX_PRF_DIG, heap); /* digLen is real size */
233237
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap);
234238

239+
/* labLen + seedLen is checked with subtraction to avoid word32 wraparound
240+
* (the labLen bound first ensures MAX_PRF_LABSEED - labLen cannot
241+
* underflow). */
235242
if (half > MAX_PRF_HALF ||
236-
labLen + seedLen > MAX_PRF_LABSEED ||
243+
labLen > MAX_PRF_LABSEED || seedLen > (MAX_PRF_LABSEED - labLen) ||
237244
digLen > MAX_PRF_DIG)
238245
{
239246
return BUFFER_E;
@@ -296,7 +303,9 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
296303
if (useAtLeastSha256) {
297304
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, 0);
298305

299-
if (labLen + seedLen > MAX_PRF_LABSEED) {
306+
/* Checked with subtraction to avoid word32 wraparound of
307+
* labLen + seedLen. */
308+
if (labLen > MAX_PRF_LABSEED || seedLen > (MAX_PRF_LABSEED - labLen)) {
300309
return BUFFER_E;
301310
}
302311

wolfcrypt/src/rsa.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1823,7 +1823,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
18231823
if (ret != 0) {
18241824
ForceZero(tmp, hLen);
18251825
#ifdef WOLFSSL_SMALL_STACK
1826-
XFREE(tmp, NULL, DYNAMIC_TYPE_RSA_BUFFER);
1826+
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
18271827
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
18281828
wc_MemZero_Check(tmp, hLen);
18291829
#endif
@@ -5410,7 +5410,11 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
54105410
goto out;
54115411
}
54125412

5413+
#if defined(HAVE_FIPS)
5414+
if (e < WC_RSA_EXPONENT || (e & 1) == 0) {
5415+
#else
54135416
if (e < 3 || (e & 1) == 0) {
5417+
#endif
54145418
err = BAD_FUNC_ARG;
54155419
goto out;
54165420
}

0 commit comments

Comments
 (0)