From 09e52a0e35abcb3c11ea791b8d8d9621c510ba6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Baptiste=20B=C3=A9drune?= Date: Wed, 19 Oct 2022 08:35:22 +0200 Subject: [PATCH] Fix null dereference in PKCS #1.5 padding functions Detected by GCC analyzer --- lib_cxng/src/cx_pkcs1.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib_cxng/src/cx_pkcs1.c b/lib_cxng/src/cx_pkcs1.c index 09b8153c0..500b09b05 100644 --- a/lib_cxng/src/cx_pkcs1.c +++ b/lib_cxng/src/cx_pkcs1.c @@ -275,6 +275,9 @@ cx_err_t cx_pkcs1_emsa_v1o5_encode(cx_md_t hID, uint8_t *em, size_t emLen, const const uint8_t *oid; oid = cx_pkcs1_get_hash_oid(hID, &oid_len); + if (oid == NULL) { + return CX_INVALID_PARAMETER; + } if ((3 + oid_len + mHashLen) >= emLen) { return CX_INVALID_PARAMETER; @@ -303,6 +306,9 @@ bool cx_pkcs1_emsa_v1o5_verify(cx_md_t hID, uint8_t *em, size_t emLen, const uin const uint8_t *oid; oid = cx_pkcs1_get_hash_oid(hID, &oid_len); + if (oid == NULL) { + return false; + } if ((3 + oid_len + mHashLen) >= emLen) { return false; @@ -518,6 +524,9 @@ cx_err_t cx_pkcs1_eme_oaep_encode(cx_md_t hID, uint8_t *em, size_t emLen, const hLen = cx_pkcs1_get_hash_len(hID); lHash = cx_pkcs1_get_hash_oeap(hID, &lHashLen); + if (hLen == 0 || lHash == NULL) { + return CX_INVALID_PARAMETER; + } if ((hLen + 1) >= emLen) { return CX_INVALID_PARAMETER; @@ -565,6 +574,9 @@ cx_err_t cx_pkcs1_eme_oaep_decode(cx_md_t hID, uint8_t *em, size_t emLen, uint8_ hLen = cx_pkcs1_get_hash_len(hID); lHash = cx_pkcs1_get_hash_oeap(hID, &lHashLen); + if (hLen == 0 || lHash == NULL) { + return CX_INVALID_PARAMETER; + } if ((hLen + 1) >= emLen) { return CX_INVALID_PARAMETER; }