Contact Details
Katie.liszewski@aptiv.com
Version
latest master release (3fe534e)
Description
Actual behavior:
Calling wc_ecc_sign_hash with a larger than supported by the curve size input buffer truncates the buffer, signs the truncated buffer and returns a success.
Expected behavior:
Calling wc_ecc_sign_hash with a larger than supported by the curve size input buffer results in a malformed input error.
Background:
The issue is happening with all curves defined by the below settings including the default, Brainpool, and Koblitz curves.
#define WOLFSSL_CUSTOM_CURVES
#define HAVE_ECC_BRAINPOOL
#define HAVE_ECC_KOBLITZ
#define HAVE_CURVE25519
#define HAVE_ECC
Note:
The larger input isn't a normal use case as a user should hash a message thereby reducing the size going into the call before calling wc_ecc_sign_hash. The bounds check effectively protects against a user forgetting to hash their input.
Reproduction steps
I'm calling wc_ecc_sign_hash(localIn,inputLength,localOut, &keySize,&rng, &ecc);
"inputLength" is larger than a standard hash (for example 0x2000 bytes) and is the length of the localIn buffer. Note that I've resized keySize (the length of localOut) to be 4x the length returned in wc_ecc_get_curve_size_from_id to accommodate the needed output buffer size for ECC for the above call. "&ecc" is the pointer to the ECC key I've just generated using wc_ecc_make_key_ex. I created a test that loops over ecc_curve_ids and calls make key then sign on any defined curve. The behavior is the same for all curves.
I'm building on ARM64 Linux and have support for ECC curves configured in user_settings.h as shown above. I'm using the local software (non-callback) ECC calls. I don't think this issue is dependent on the architecture, curve or other settings (beyond using the standard Wolfcrypt software implementation ECC).
Relevant log output
Contact Details
Katie.liszewski@aptiv.com
Version
latest master release (3fe534e)
Description
Actual behavior:
Calling wc_ecc_sign_hash with a larger than supported by the curve size input buffer truncates the buffer, signs the truncated buffer and returns a success.
Expected behavior:
Calling wc_ecc_sign_hash with a larger than supported by the curve size input buffer results in a malformed input error.
Background:
The issue is happening with all curves defined by the below settings including the default, Brainpool, and Koblitz curves.
#define WOLFSSL_CUSTOM_CURVES
#define HAVE_ECC_BRAINPOOL
#define HAVE_ECC_KOBLITZ
#define HAVE_CURVE25519
#define HAVE_ECC
Note:
The larger input isn't a normal use case as a user should hash a message thereby reducing the size going into the call before calling wc_ecc_sign_hash. The bounds check effectively protects against a user forgetting to hash their input.
Reproduction steps
I'm calling wc_ecc_sign_hash(localIn,inputLength,localOut, &keySize,&rng, &ecc);
"inputLength" is larger than a standard hash (for example 0x2000 bytes) and is the length of the localIn buffer. Note that I've resized keySize (the length of localOut) to be 4x the length returned in wc_ecc_get_curve_size_from_id to accommodate the needed output buffer size for ECC for the above call. "&ecc" is the pointer to the ECC key I've just generated using wc_ecc_make_key_ex. I created a test that loops over ecc_curve_ids and calls make key then sign on any defined curve. The behavior is the same for all curves.
I'm building on ARM64 Linux and have support for ECC curves configured in user_settings.h as shown above. I'm using the local software (non-callback) ECC calls. I don't think this issue is dependent on the architecture, curve or other settings (beyond using the standard Wolfcrypt software implementation ECC).
Relevant log output