Skip to content

Commit b4d73d0

Browse files
committed
Crypto layer: Add missing input validation
1 parent 3fa342a commit b4d73d0

4 files changed

Lines changed: 29 additions & 8 deletions

File tree

wolfcrypt/src/dh.c

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1713,6 +1713,9 @@ int wc_DhCheckPubValue(const byte* prime, word32 primeSz, const byte* pub,
17131713
int ret = 0;
17141714
word32 i;
17151715

1716+
if (prime == NULL || pub == NULL)
1717+
return BAD_FUNC_ARG;
1718+
17161719
for (i = 0; i < pubSz && pub[i] == 0; i++) {
17171720
}
17181721
pubSz -= i;
@@ -1809,9 +1812,8 @@ int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
18091812

18101813
if (ret == 0) {
18111814
if (mp_iszero(q) == MP_NO) {
1812-
/* priv (x) shouldn't be greater than q - 1 */
1813-
if (mp_copy(&key->q, q) != MP_OKAY)
1814-
ret = MP_INIT_E;
1815+
/* priv (x) shouldn't be greater than q - 1.
1816+
q already set above; don't overwrite with key->q */
18151817
if (ret == 0) {
18161818
if (mp_sub_d(q, 1, q) != MP_OKAY)
18171819
ret = MP_SUB_E;

wolfcrypt/src/ecc.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10982,8 +10982,14 @@ static int _ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
1098210982
if (err == MP_OKAY) {
1098310983
#ifdef HAVE_COMP_KEY
1098410984
/* adjust inLen if compressed */
10985-
if (compressed)
10986-
inLen = inLen*2 + 1; /* used uncompressed len */
10985+
if (compressed) {
10986+
/* a compressed coordinate cannot exceed MAX_ECC_BYTES; bound it
10987+
* before doubling so inLen*2 + 1 cannot overflow word32. */
10988+
if (inLen > MAX_ECC_BYTES)
10989+
err = BAD_FUNC_ARG;
10990+
else
10991+
inLen = inLen*2 + 1; /* used uncompressed len */
10992+
}
1098710993
#endif
1098810994

1098910995
/* determine key size */

wolfcrypt/src/kdf.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,10 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
8989
Hmac hmac[1];
9090
#endif
9191

92+
if ((result == NULL && resLen != 0) || (secret == NULL && secLen != 0) ||
93+
(seed == NULL && seedLen != 0))
94+
return BAD_FUNC_ARG;
95+
9296
switch (hash) {
9397
#ifndef NO_MD5
9498
case md5_mac:
@@ -234,8 +238,11 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
234238
WC_DECLARE_VAR(sha_result, byte, MAX_PRF_DIG, heap); /* digLen is real size */
235239
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap);
236240

241+
/* labLen + seedLen is checked with subtraction to avoid word32 wraparound
242+
* (the labLen bound first ensures MAX_PRF_LABSEED - labLen cannot
243+
* underflow). */
237244
if (half > MAX_PRF_HALF ||
238-
labLen + seedLen > MAX_PRF_LABSEED ||
245+
labLen > MAX_PRF_LABSEED || seedLen > (MAX_PRF_LABSEED - labLen) ||
239246
digLen > MAX_PRF_DIG)
240247
{
241248
return BUFFER_E;
@@ -298,7 +305,9 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
298305
if (useAtLeastSha256) {
299306
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, 0);
300307

301-
if (labLen + seedLen > MAX_PRF_LABSEED) {
308+
/* Checked with subtraction to avoid word32 wraparound of
309+
* labLen + seedLen. */
310+
if (labLen > MAX_PRF_LABSEED || seedLen > (MAX_PRF_LABSEED - labLen)) {
302311
return BUFFER_E;
303312
}
304313

wolfcrypt/src/rsa.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1825,7 +1825,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
18251825
if (ret != 0) {
18261826
ForceZero(tmp, hLen);
18271827
#ifdef WOLFSSL_SMALL_STACK
1828-
XFREE(tmp, NULL, DYNAMIC_TYPE_RSA_BUFFER);
1828+
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
18291829
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
18301830
wc_MemZero_Check(tmp, hLen);
18311831
#endif
@@ -5412,7 +5412,11 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
54125412
goto out;
54135413
}
54145414

5415+
#if defined(HAVE_FIPS)
5416+
if (e < WC_RSA_EXPONENT || (e & 1) == 0) {
5417+
#else
54155418
if (e < 3 || (e & 1) == 0) {
5419+
#endif
54165420
err = BAD_FUNC_ARG;
54175421
goto out;
54185422
}

0 commit comments

Comments
 (0)