Skip to content

Commit b465f15

Browse files
committed
Crypto layer: Add missing input validation
1 parent 3fa342a commit b465f15

4 files changed

Lines changed: 58 additions & 17 deletions

File tree

wolfcrypt/src/dh.c

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1713,6 +1713,9 @@ int wc_DhCheckPubValue(const byte* prime, word32 primeSz, const byte* pub,
17131713
int ret = 0;
17141714
word32 i;
17151715

1716+
if (prime == NULL || pub == NULL)
1717+
return BAD_FUNC_ARG;
1718+
17161719
for (i = 0; i < pubSz && pub[i] == 0; i++) {
17171720
}
17181721
pubSz -= i;
@@ -1809,9 +1812,8 @@ int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
18091812

18101813
if (ret == 0) {
18111814
if (mp_iszero(q) == MP_NO) {
1812-
/* priv (x) shouldn't be greater than q - 1 */
1813-
if (mp_copy(&key->q, q) != MP_OKAY)
1814-
ret = MP_INIT_E;
1815+
/* priv (x) shouldn't be greater than q - 1.
1816+
q already set above; don't overwrite with key->q */
18151817
if (ret == 0) {
18161818
if (mp_sub_d(q, 1, q) != MP_OKAY)
18171819
ret = MP_SUB_E;

wolfcrypt/src/ecc.c

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -10982,16 +10982,24 @@ static int _ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
1098210982
if (err == MP_OKAY) {
1098310983
#ifdef HAVE_COMP_KEY
1098410984
/* adjust inLen if compressed */
10985-
if (compressed)
10986-
inLen = inLen*2 + 1; /* used uncompressed len */
10985+
if (compressed) {
10986+
/* a compressed coordinate cannot exceed MAX_ECC_BYTES; bound it
10987+
* before doubling so inLen*2 + 1 cannot overflow word32. */
10988+
if (inLen > MAX_ECC_BYTES)
10989+
err = BAD_FUNC_ARG;
10990+
else
10991+
inLen = inLen*2 + 1; /* used uncompressed len */
10992+
}
1098710993
#endif
1098810994

1098910995
/* determine key size */
10990-
keysize = (int)(inLen>>1);
10991-
/* NOTE: FIPS v6.0.0 or greater, no restriction on imported keys, only
10992-
* on created keys or signatures */
10993-
err = wc_ecc_set_curve(key, keysize, curve_id);
10994-
key->type = ECC_PUBLICKEY;
10996+
if (err == MP_OKAY) {
10997+
keysize = (int)(inLen>>1);
10998+
/* NOTE: FIPS v6.0.0 or greater, no restriction on imported keys,
10999+
* only on created keys or signatures */
11000+
err = wc_ecc_set_curve(key, keysize, curve_id);
11001+
key->type = ECC_PUBLICKEY;
11002+
}
1099511003
}
1099611004

1099711005
/* read data */

wolfcrypt/src/kdf.c

Lines changed: 33 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,10 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
8989
Hmac hmac[1];
9090
#endif
9191

92+
if ((result == NULL && resLen != 0) || (secret == NULL && secLen != 0) ||
93+
(seed == NULL && seedLen != 0))
94+
return BAD_FUNC_ARG;
95+
9296
switch (hash) {
9397
#ifndef NO_MD5
9498
case md5_mac:
@@ -234,8 +238,18 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
234238
WC_DECLARE_VAR(sha_result, byte, MAX_PRF_DIG, heap); /* digLen is real size */
235239
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap);
236240

241+
if ((digest == NULL && digLen != 0) ||
242+
(secret == NULL && secLen != 0) ||
243+
(label == NULL && labLen != 0) ||
244+
(seed == NULL && seedLen != 0)) {
245+
return BAD_FUNC_ARG;
246+
}
247+
248+
/* labLen + seedLen is checked with subtraction to avoid word32 wraparound
249+
* (the labLen bound first ensures MAX_PRF_LABSEED - labLen cannot
250+
* underflow). */
237251
if (half > MAX_PRF_HALF ||
238-
labLen + seedLen > MAX_PRF_LABSEED ||
252+
labLen > MAX_PRF_LABSEED || seedLen > (MAX_PRF_LABSEED - labLen) ||
239253
digLen > MAX_PRF_DIG)
240254
{
241255
return BUFFER_E;
@@ -251,8 +265,10 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
251265
sha_half = secret + half - secLen % 2;
252266
md5_result = digest;
253267

254-
XMEMCPY(labelSeed, label, labLen);
255-
XMEMCPY(labelSeed + labLen, seed, seedLen);
268+
if (labLen != 0)
269+
XMEMCPY(labelSeed, label, labLen);
270+
if (seedLen != 0)
271+
XMEMCPY(labelSeed + labLen, seed, seedLen);
256272

257273
if ((ret = wc_PRF(md5_result, digLen, md5_half, half, labelSeed,
258274
labLen + seedLen, md5_mac, heap, devId)) == 0) {
@@ -286,6 +302,13 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
286302
{
287303
int ret = 0;
288304

305+
if ((digest == NULL && digLen != 0) ||
306+
(secret == NULL && secLen != 0) ||
307+
(label == NULL && labLen != 0) ||
308+
(seed == NULL && seedLen != 0)) {
309+
return BAD_FUNC_ARG;
310+
}
311+
289312
#ifdef WOLFSSL_DEBUG_TLS
290313
WOLFSSL_MSG(" secret");
291314
WOLFSSL_BUFFER(secret, secLen);
@@ -298,15 +321,19 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
298321
if (useAtLeastSha256) {
299322
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, 0);
300323

301-
if (labLen + seedLen > MAX_PRF_LABSEED) {
324+
/* Checked with subtraction to avoid word32 wraparound of
325+
* labLen + seedLen. */
326+
if (labLen > MAX_PRF_LABSEED || seedLen > (MAX_PRF_LABSEED - labLen)) {
302327
return BUFFER_E;
303328
}
304329

305330
WC_ALLOC_VAR_EX(labelSeed, byte, MAX_PRF_LABSEED, heap,
306331
DYNAMIC_TYPE_DIGEST, return MEMORY_E);
307332

308-
XMEMCPY(labelSeed, label, labLen);
309-
XMEMCPY(labelSeed + labLen, seed, seedLen);
333+
if (labLen != 0)
334+
XMEMCPY(labelSeed, label, labLen);
335+
if (seedLen != 0)
336+
XMEMCPY(labelSeed + labLen, seed, seedLen);
310337

311338
/* If a cipher suite wants an algorithm better than sha256, it
312339
* should use better. */

wolfcrypt/src/rsa.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1825,7 +1825,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
18251825
if (ret != 0) {
18261826
ForceZero(tmp, hLen);
18271827
#ifdef WOLFSSL_SMALL_STACK
1828-
XFREE(tmp, NULL, DYNAMIC_TYPE_RSA_BUFFER);
1828+
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
18291829
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
18301830
wc_MemZero_Check(tmp, hLen);
18311831
#endif
@@ -5412,7 +5412,11 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
54125412
goto out;
54135413
}
54145414

5415+
#if defined(HAVE_FIPS)
5416+
if (e < WC_RSA_EXPONENT || (e & 1) == 0) {
5417+
#else
54155418
if (e < 3 || (e & 1) == 0) {
5419+
#endif
54165420
err = BAD_FUNC_ARG;
54175421
goto out;
54185422
}

0 commit comments

Comments
 (0)