Avoid some buffer overflows in ecdsatest

The ASN.1 encoding of the modified ECDSA signature can grow in size due to padding of the ASN.1 integers. Instead of reusing the same signature buffer freshly allocate it. Avoids some buffer overflows caught by ASAN.
author: tb <> 2022-08-31 09:38:00 +0000
committer: tb <> 2022-08-31 09:38:00 +0000
commit: 56edcd3374149e6c27331d45ead6cc4c1203ebfd (patch)
tree: c482a5a120451128fbb0aa6a9935144533c51ef0 /src
parent: 2ea7b919ed36546cd8ec29340a05dbda20a563cd (diff)
download: openbsd-56edcd3374149e6c27331d45ead6cc4c1203ebfd.tar.gz
openbsd-56edcd3374149e6c27331d45ead6cc4c1203ebfd.tar.bz2
openbsd-56edcd3374149e6c27331d45ead6cc4c1203ebfd.zip
1 files changed, 15 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
index 45ffd91ab4..6cbe345d08 100644
--- a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ecdsatest.c,v 1.11 2022/08/31 09:36:46 tb Exp $       */
+/*      $OpenBSD: ecdsatest.c,v 1.12 2022/08/31 09:38:00 tb Exp $       */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -251,7 +251,8 @@ test_builtin(BIO *out)
                BIO_printf(out, ".");
                (void)BIO_flush(out);
                /* create signature */
-                sig_len = ECDSA_size(eckey);
+                if ((sig_len = ECDSA_size(eckey)) == 0)
+                        goto builtin_err;
                if ((signature = malloc(sig_len)) == NULL)
                        goto builtin_err;
                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
@@ -332,6 +333,12 @@ test_builtin(BIO *out)
                r = NULL;
                s = NULL;
+                if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0)
+                        goto builtin_err;
+                free(signature);
+                if ((signature = calloc(1, sig_len)) == NULL)
+                        goto builtin_err;
                sig_ptr2 = signature;
                sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
                if (ECDSA_verify(0, digest, 20, signature, sig_len,
@@ -349,6 +356,12 @@ test_builtin(BIO *out)
                r = NULL;
                s = NULL;
+                if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0)
+                        goto builtin_err;
+                free(signature);
+                if ((signature = calloc(1, sig_len)) == NULL)
+                        goto builtin_err;
                sig_ptr2 = signature;
                sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
                if (ECDSA_verify(0, digest, 20, signature, sig_len,
author	tb <>	2022-08-31 09:38:00 +0000
committer	tb <>	2022-08-31 09:38:00 +0000
commit	56edcd3374149e6c27331d45ead6cc4c1203ebfd (patch)
tree	c482a5a120451128fbb0aa6a9935144533c51ef0 /src
parent	2ea7b919ed36546cd8ec29340a05dbda20a563cd (diff)
download	openbsd-56edcd3374149e6c27331d45ead6cc4c1203ebfd.tar.gz openbsd-56edcd3374149e6c27331d45ead6cc4c1203ebfd.tar.bz2 openbsd-56edcd3374149e6c27331d45ead6cc4c1203ebfd.zip