TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix for issue #58 - possible overflow in ecc_ansi_x963_export

Browse Source
This commit is contained in:
Karel Miko 2016-01-10 21:37:17 +01:00 committed by Steffen Jaeckel
parent af70cb6a01
commit 42bad9f580
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/pk/ecc/ecc_ansi_x963_export.c
View File

@ -32,7 +32,7 @@
int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen)
{
unsigned char buf[ECC_BUF_SIZE];
unsigned long numlen;
unsigned long numlen, xlen, ylen;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(out != NULL);
@ -42,6 +42,12 @@ int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen
return CRYPT_INVALID_ARG;
}
numlen = key->dp->size;
xlen = mp_unsigned_bin_size(key->pubkey.x);
ylen = mp_unsigned_bin_size(key->pubkey.y);
if (xlen > numlen || ylen > numlen || sizeof(buf) < numlen) {
return CRYPT_BUFFER_OVERFLOW;
}
if (*outlen < (1 + 2*numlen)) {
*outlen = 1 + 2*numlen;
@ -53,12 +59,12 @@ int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen
/* pad and store x */
zeromem(buf, sizeof(buf));
mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - mp_unsigned_bin_size(key->pubkey.x)));
mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - xlen));
XMEMCPY(out+1, buf, numlen);
/* pad and store y */
zeromem(buf, sizeof(buf));
mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - mp_unsigned_bin_size(key->pubkey.y)));
mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - ylen));
XMEMCPY(out+1+numlen, buf, numlen);
*outlen = 1 + 2*numlen;