Merge pull request #631 from ulikos/fix-630

Fixed size check in ecc_get_key, Fixes #630
libtom · Aug 7, 2023 · 2cb51b6 · 2cb51b6
2 parents 06b0f77 + 48462aa
commit 2cb51b6
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/src/pk/ecc/ecc_get_key.c b/src/pk/ecc/ecc_get_key.c
@@ -33,8 +33,11 @@ int ecc_get_key(unsigned char *out, unsigned long *outlen, int type, const ecc_k
    }
    else if (type == PK_PRIVATE) {
       if (key->type != PK_PRIVATE)                                                return CRYPT_PK_TYPE_MISMATCH;
+      if (size > *outlen) {
+         *outlen = size;
+         return CRYPT_BUFFER_OVERFLOW;
+      }
       *outlen = size;
-      if (size > *outlen)                                                         return CRYPT_BUFFER_OVERFLOW;
       if ((ksize = mp_unsigned_bin_size(key->k)) > size)                          return CRYPT_BUFFER_OVERFLOW;
       /* pad and store k */
       if ((err = mp_to_unsigned_bin(key->k, out + (size - ksize))) != CRYPT_OK)   return err;

diff --git a/tests/ecc_test.c b/tests/ecc_test.c
@@ -198,6 +198,31 @@ static int s_ecc_test_shamir(void)
 }
 #endif
 
+/* https://github.com/libtom/libtomcrypt/issues/630 */
+static int s_ecc_issue630(void)
+{
+   unsigned char protected_buffer[30], protected_buffer_copy[30];
+   unsigned long keylen = 0;
+   ecc_key key;
+   int low, high;
+
+   ecc_sizes(&low, &high);
+
+   DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), high, &key));
+   if (yarrow_read(protected_buffer, sizeof(protected_buffer), &yarrow_prng) != sizeof(protected_buffer)) {
+      return CRYPT_ERROR_READPRNG;
+   }
+   XMEMCPY(protected_buffer_copy, protected_buffer, sizeof(protected_buffer));
+   COMPARE_TESTVECTOR(protected_buffer, sizeof(protected_buffer), protected_buffer_copy, sizeof(protected_buffer), "Ensure copy is equal", 0);
+
+   keylen = 10;
+   SHOULD_FAIL(ecc_get_key(&protected_buffer[10], &keylen, PK_PRIVATE, &key));
+   COMPARE_TESTVECTOR(protected_buffer, 10, protected_buffer_copy, 10, "Start canary", 1);
+   COMPARE_TESTVECTOR(&protected_buffer[20], 10, &protected_buffer[20], 10, "End canary", 2);
+   ecc_free(&key);
+   return 0;
+}
+
 /* https://github.com/libtom/libtomcrypt/issues/108 */
 static int s_ecc_issue108(void)
 {
@@ -1591,6 +1616,7 @@ int ecc_test(void)
    DO(s_ecc_test_mp());
    DO(s_ecc_issue108());
    DO(s_ecc_issue443_447());
+   DO(s_ecc_issue630());
 #ifdef LTC_ECC_SHAMIR
    DO(s_ecc_test_shamir());
    DO(s_ecc_test_recovery());