Avoid some buffer overflows in ecdsatest

The ASN.1 encoding of the modified ECDSA signature can grow in size due to padding of the ASN.1 integers. Instead of reusing the same signature buffer freshly allocate it. Avoids some buffer overflows caught by ASAN.
author: tb <> 2022-08-31 09:33:39 +0000
committer: tb <> 2022-08-31 09:33:39 +0000
commit: 835cf9363dd7d1a2a49eb5db9ccc62acdb54e089 (patch)
tree: fef18cbbf7f4eca2f4170d0c6b5d63cd06d109b0
parent: 1af840db6160c4511f1e225122056a69d23d80cd (diff)
download: openbsd-835cf9363dd7d1a2a49eb5db9ccc62acdb54e089.tar.gz
openbsd-835cf9363dd7d1a2a49eb5db9ccc62acdb54e089.tar.bz2
openbsd-835cf9363dd7d1a2a49eb5db9ccc62acdb54e089.zip
1 files changed, 14 insertions, 4 deletions
diff --git a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
index 683260aeee..5e2419a91f 100644
--- a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ecdsatest.c,v 1.9 2022/03/31 09:36:09 tb Exp $        */
+/*      $OpenBSD: ecdsatest.c,v 1.10 2022/08/31 09:33:39 tb Exp $       */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -251,7 +251,8 @@ test_builtin(BIO *out)
                BIO_printf(out, ".");
                (void)BIO_flush(out);
                /* create signature */
-                sig_len = ECDSA_size(eckey);
+                if ((sig_len = ECDSA_size(eckey)) == 0)
+                        goto builtin_err;
                if ((signature = malloc(sig_len)) == NULL)
                        goto builtin_err;
                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
@@ -332,8 +333,13 @@ test_builtin(BIO *out)
                r = NULL;
                s = NULL;
+                free(signature);
+                signature = NULL;
                sig_ptr2 = signature;
-                sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+                if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2)) <= 0)
+                        goto builtin_err;
                if (ECDSA_verify(0, digest, 20, signature, sig_len,
                    eckey) == 1) {
                        BIO_printf(out, " failed\n");
@@ -349,8 +355,12 @@ test_builtin(BIO *out)
                r = NULL;
                s = NULL;
+                free(signature);
+                signature = NULL;
                sig_ptr2 = signature;
-                sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+                if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2)) <= 0)
+                        goto builtin_err;
                if (ECDSA_verify(0, digest, 20, signature, sig_len,
                    eckey) != 1) {
                        BIO_printf(out, " failed\n");
author	tb <>	2022-08-31 09:33:39 +0000
committer	tb <>	2022-08-31 09:33:39 +0000
commit	835cf9363dd7d1a2a49eb5db9ccc62acdb54e089 (patch)
tree	fef18cbbf7f4eca2f4170d0c6b5d63cd06d109b0
parent	1af840db6160c4511f1e225122056a69d23d80cd (diff)
download	openbsd-835cf9363dd7d1a2a49eb5db9ccc62acdb54e089.tar.gz openbsd-835cf9363dd7d1a2a49eb5db9ccc62acdb54e089.tar.bz2 openbsd-835cf9363dd7d1a2a49eb5db9ccc62acdb54e089.zip