WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

DH and SP: sp_DhExp_* called with uninitialized outLen 

Fix for GeneratePublicDh was not right in #6002.
sp_DhExp_* are called from multiple functions.
Sometimes outLen contains a value and sometimes not.
Check public key output size in GeneratePublicDh before calling SP.
pull/6016/head
Sean Parkinson 2023-01-27 10:13:56 +10:00
parent 06509021ff
commit 134d4cca67
8 changed files with 5 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
wolfcrypt/src/dh.c
View File

@ -1291,7 +1291,6 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
{
int ret = 0;
#ifndef WOLFSSL_SP_MATH
word32 binSz = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
mp_int* x;
mp_int* y;
@ -1301,6 +1300,10 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
#endif
#endif
if (*pubSz < (word32)mp_unsigned_bin_size(&key->p)) {
return WC_KEY_SIZE_E;
}
#ifdef WOLFSSL_HAVE_SP_DH
#ifndef WOLFSSL_SP_NO_2048
if (mp_count_bits(&key->p) == 2048)
@ -1341,18 +1344,11 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
if (ret == 0 && mp_exptmod(&key->g, x, &key->p, y) != MP_OKAY)
ret = MP_EXPTMOD_E;
if (ret == 0) {
binSz = mp_unsigned_bin_size(y);
if (binSz > *pubSz) {
ret = WC_KEY_SIZE_E;
}
}
if (ret == 0 && mp_to_unsigned_bin(y, pub) != MP_OKAY)
ret = MP_TO_E;
if (ret == 0)
*pubSz = binSz;
*pubSz = mp_unsigned_bin_size(y);
mp_clear(y);
mp_clear(x);

9
wolfcrypt/src/sp_arm32.c
View File

@ -17700,9 +17700,6 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 2048) {
err = MP_READ_E;
}
else if (*outLen < 256U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -44900,9 +44897,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -60475,9 +60469,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}

9
wolfcrypt/src/sp_arm64.c
View File

@ -6866,9 +6866,6 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 2048) {
err = MP_READ_E;
}
else if (*outLen < 256U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -16472,9 +16469,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -21682,9 +21676,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}

9
wolfcrypt/src/sp_armthumb.c
View File

@ -30159,9 +30159,6 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 2048) {
err = MP_READ_E;
}
else if (*outLen < 256U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -83251,9 +83248,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -96595,9 +96589,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}

15
wolfcrypt/src/sp_c32.c
View File

@ -4640,9 +4640,6 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 2048) {
err = MP_READ_E;
}
else if (*outLen < 256U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -7951,9 +7948,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -12293,9 +12287,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -15615,9 +15606,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -19924,9 +19912,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}

18
wolfcrypt/src/sp_c64.c
View File

@ -3162,9 +3162,6 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 2048) {
err = MP_READ_E;
}
else if (*outLen < 256U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -6834,9 +6831,6 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 2048) {
err = MP_READ_E;
}
else if (*outLen < 256U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -10051,9 +10045,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -13908,9 +13899,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -17126,9 +17114,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -21087,9 +21072,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}

9
wolfcrypt/src/sp_cortexm.c
View File

@ -5785,9 +5785,6 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 2048) {
err = MP_READ_E;
}
else if (*outLen < 256U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -11598,9 +11595,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -15589,9 +15583,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}

9
wolfcrypt/src/sp_x86_64.c
View File

@ -2863,9 +2863,6 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 2048) {
err = MP_READ_E;
}
else if (*outLen < 256U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -5764,9 +5761,6 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 3072) {
err = MP_READ_E;
}
else if (*outLen < 384U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}
@ -7891,9 +7885,6 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
else if (mp_count_bits(mod) != 4096) {
err = MP_READ_E;
}
else if (*outLen < 512U) {
err = BUFFER_E;
}
else if (mp_iseven(mod)) {
err = MP_VAL;
}