mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3206 from SparkiDev/ed448_oob

Browse Source 
ED448: Fix out of bounds read in import public
This commit is contained in:
toddouska 2020-08-07 15:36:11 -07:00 committed by GitHub
commit 89e6f3bcd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
wolfcrypt/src/ed448.c
View File

@ -197,7 +197,7 @@ static int ed448_sign_msg(const byte* in, word32 inLen, byte* out,
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
if ((ret == 0) && (context != NULL)) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
@ -230,7 +230,7 @@ static int ed448_sign_msg(const byte* in, word32 inLen, byte* out,
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
if ((ret == 0) && (context != NULL)) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
@ -400,7 +400,7 @@ static int ed448_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
if (ret == 0) {
ret = wc_Shake256_Update(&sha, &contextLen, sizeof(contextLen));
}
if (ret == 0 && context != NULL) {
if ((ret == 0) && (context != NULL)) {
ret = wc_Shake256_Update(&sha, context, contextLen);
}
if (ret == 0) {
@ -615,6 +615,10 @@ int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key)
ret = BAD_FUNC_ARG;
}
if (inLen < ED448_PUB_KEY_SIZE) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
/* compressed prefix according to draft
* https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-06 */
@ -699,7 +703,8 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
}
/* key size check */
if ((ret == 0) && (privSz < ED448_KEY_SIZE || pubSz < ED448_PUB_KEY_SIZE)) {
if ((ret == 0) && ((privSz < ED448_KEY_SIZE) ||
(pubSz < ED448_PUB_KEY_SIZE))) {
ret = BAD_FUNC_ARG;
}