Skip to content

Commit 2cb51b6

Browse files
sjaeckelsjaeckel
authored
Merge pull request #631 from ulikos/fix-630
Fixed size check in ecc_get_key, Fixes #630
2 parents 06b0f77 + 48462aa commit 2cb51b6

File tree

2 files changed

+30
-1
lines changed

2 files changed

+30
-1
lines changed

src/pk/ecc/ecc_get_key.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,8 +33,11 @@ int ecc_get_key(unsigned char *out, unsigned long *outlen, int type, const ecc_k
3333
}
3434
else if (type == PK_PRIVATE) {
3535
if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH;
36+
if (size > *outlen) {
37+
*outlen = size;
38+
return CRYPT_BUFFER_OVERFLOW;
39+
}
3640
*outlen = size;
37-
if (size > *outlen) return CRYPT_BUFFER_OVERFLOW;
3841
if ((ksize = mp_unsigned_bin_size(key->k)) > size) return CRYPT_BUFFER_OVERFLOW;
3942
/* pad and store k */
4043
if ((err = mp_to_unsigned_bin(key->k, out + (size - ksize))) != CRYPT_OK) return err;

tests/ecc_test.c

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -198,6 +198,31 @@ static int s_ecc_test_shamir(void)
198198
}
199199
#endif
200200

201+
/* https://github.com/libtom/libtomcrypt/issues/630 */
202+
static int s_ecc_issue630(void)
203+
{
204+
unsigned char protected_buffer[30], protected_buffer_copy[30];
205+
unsigned long keylen = 0;
206+
ecc_key key;
207+
int low, high;
208+
209+
ecc_sizes(&low, &high);
210+
211+
DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), high, &key));
212+
if (yarrow_read(protected_buffer, sizeof(protected_buffer), &yarrow_prng) != sizeof(protected_buffer)) {
213+
return CRYPT_ERROR_READPRNG;
214+
}
215+
XMEMCPY(protected_buffer_copy, protected_buffer, sizeof(protected_buffer));
216+
COMPARE_TESTVECTOR(protected_buffer, sizeof(protected_buffer), protected_buffer_copy, sizeof(protected_buffer), "Ensure copy is equal", 0);
217+
218+
keylen = 10;
219+
SHOULD_FAIL(ecc_get_key(&protected_buffer[10], &keylen, PK_PRIVATE, &key));
220+
COMPARE_TESTVECTOR(protected_buffer, 10, protected_buffer_copy, 10, "Start canary", 1);
221+
COMPARE_TESTVECTOR(&protected_buffer[20], 10, &protected_buffer[20], 10, "End canary", 2);
222+
ecc_free(&key);
223+
return 0;
224+
}
225+
201226
/* https://github.com/libtom/libtomcrypt/issues/108 */
202227
static int s_ecc_issue108(void)
203228
{
@@ -1591,6 +1616,7 @@ int ecc_test(void)
15911616
DO(s_ecc_test_mp());
15921617
DO(s_ecc_issue108());
15931618
DO(s_ecc_issue443_447());
1619+
DO(s_ecc_issue630());
15941620
#ifdef LTC_ECC_SHAMIR
15951621
DO(s_ecc_test_shamir());
15961622
DO(s_ecc_test_recovery());

0 commit comments

Comments
 (0)