From 12cdfae7c3509c98b8e34a57afd00a0326f979eb Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Fri, 11 Oct 2002 14:07:42 +0000 Subject: [PATCH] Error checkings for signature computation. --- lib/silccore/silcauth.c | 5 +++-- lib/silccrypt/silcpkcs.h | 2 +- lib/silcske/silcske.c | 15 +++++++++++++-- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c index 1beacd44..63ad6940 100644 --- a/lib/silccore/silcauth.c +++ b/lib/silccore/silcauth.c @@ -241,7 +241,7 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key, const void *id, SilcIdType type) { unsigned char *randomdata; - unsigned char auth_data[1024]; + unsigned char auth_data[2048]; SilcUInt32 auth_len; unsigned char *tmp; SilcUInt32 tmp_len; @@ -274,7 +274,8 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key, silc_pkcs_private_key_set(pkcs, private_key); /* Compute the hash and the signature. */ - if (!silc_pkcs_sign_with_hash(pkcs, hash, tmp, tmp_len, auth_data, + if (silc_pkcs_get_key_len(pkcs) > sizeof(auth_data) - 1 || + !silc_pkcs_sign_with_hash(pkcs, hash, tmp, tmp_len, auth_data, &auth_len)) { memset(randomdata, 0, 256); memset(tmp, 0, tmp_len); diff --git a/lib/silccrypt/silcpkcs.h b/lib/silccrypt/silcpkcs.h index 787424d7..5dfebffe 100644 --- a/lib/silccrypt/silcpkcs.h +++ b/lib/silccrypt/silcpkcs.h @@ -271,7 +271,7 @@ unsigned char *silc_pkcs_get_public_key(SilcPKCS pkcs, SilcUInt32 *len); unsigned char *silc_pkcs_get_private_key(SilcPKCS pkcs, SilcUInt32 *len); SilcUInt32 silc_pkcs_public_key_set(SilcPKCS pkcs, SilcPublicKey public_key); SilcUInt32 silc_pkcs_public_key_data_set(SilcPKCS pkcs, unsigned char *pk, - SilcUInt32 pk_len); + SilcUInt32 pk_len); int silc_pkcs_private_key_set(SilcPKCS pkcs, SilcPrivateKey private_key); int silc_pkcs_private_key_data_set(SilcPKCS pkcs, unsigned char *prv, SilcUInt32 prv_len); diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c index 794306d9..6535f55d 100644 --- a/lib/silcske/silcske.c +++ b/lib/silcske/silcske.c @@ -397,7 +397,16 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske, /* Sign the hash value */ silc_pkcs_private_key_data_set(ske->prop->pkcs, private_key->prv, private_key->prv_len); - silc_pkcs_sign(ske->prop->pkcs, hash, hash_len, sign, &sign_len); + if (silc_pkcs_get_key_len(ske->prop->pkcs) > sizeof(sign) - 1 || + !silc_pkcs_sign(ske->prop->pkcs, hash, hash_len, sign, &sign_len)) { + silc_mp_uninit(x); + silc_free(x); + silc_mp_uninit(&payload->x); + silc_free(payload->pk_data); + silc_free(payload); + ske->status = status; + return status; + } payload->sign_data = silc_calloc(sign_len, sizeof(unsigned char)); memcpy(payload->sign_data, sign, sign_len); memset(sign, 0, sizeof(sign)); @@ -1029,7 +1038,9 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske, /* Sign the hash value */ silc_pkcs_private_key_data_set(ske->prop->pkcs, private_key->prv, private_key->prv_len); - silc_pkcs_sign(ske->prop->pkcs, hash, hash_len, sign, &sign_len); + if (silc_pkcs_get_key_len(ske->prop->pkcs) > sizeof(sign) - 1 || + !silc_pkcs_sign(ske->prop->pkcs, hash, hash_len, sign, &sign_len)) + goto err; ske->ke2_payload->sign_data = silc_calloc(sign_len, sizeof(unsigned char)); memcpy(ske->ke2_payload->sign_data, sign, sign_len); memset(sign, 0, sizeof(sign)); -- 2.24.0