Static RSA length check

Better length check on decrypted pre-master secret length.
2023-09-26 12:50:26 +10:00 · 2023-09-26 12:50:26 +10:00 · 9acba6ee2d
commit 9acba6ee2d
parent 60f30e994d
2 changed files with 5 additions and 2 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -38222,6 +38222,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                    case rsa_kea:
                    {
                        RsaKey* key = (RsaKey*)ssl->hsKey;
+                        int lenErrMask;

                        ret = RsaDec(ssl,
                            input + args->idx,
@ -38247,7 +38248,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                        if (ret == BAD_FUNC_ARG)
                            goto exit_dcke;

-                        args->lastErr = ret - (SECRET_LEN - args->sigSz);
+                        lenErrMask = 0 - (SECRET_LEN != args->sigSz);
+                        args->lastErr = (ret & (~lenErrMask)) |
+                            (RSA_PAD_E & lenErrMask);
                        ret = 0;
                        break;
                    } /* rsa_kea */
--- a/src/ssl.c
+++ b/src/ssl.c
@ -32840,7 +32840,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
        const unsigned char* p, unsigned int p_len)
 {
    WOLFSSL_BIO* bio;
-    char* pt;
+    char* pt = NULL;

    unsigned int sz;
    unsigned int idx = 0;