From e31b15875b77d811cbe5e5a87721d5b269b4b7c7 Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Wed, 20 Nov 2024 15:25:18 -0700
Subject: [PATCH 1/3] fix buffer overflow due to uninitialized idx variable
---
 tests/api.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/api.c b/tests/api.c
index a2363c3820..5b8efa7cfb 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -35001,8 +35001,10 @@ static int test_wc_dilithium_der(void)
 WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 /* When security level is not set, we attempt to parse it from DER. Since
 * the supplied DER is invalid, this should fail with ASN parsing error */
+ idx = 0;
 ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
 WC_NO_ERR_TRACE(ASN_PARSE_E));
+ idx = 0;
 ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
 WC_NO_ERR_TRACE(ASN_PARSE_E));

From 30f372ce1666f2ff386acb44429281fa7a9dad41 Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Wed, 20 Nov 2024 15:26:55 -0700
Subject: [PATCH 2/3] add autogenerated error trace headers to gitignore
---
 .gitignore | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.gitignore b/.gitignore
index 87ff413b3f..cf70123273 100644
--- a/.gitignore
+++ b/.gitignore
@@ -457,3 +457,7 @@ wrapper/Ada/obj/
 /**/.vscode/launch.json
 /**/.vscode/ipch
 /**/sdkconfig.esp32dev
+
+# Autogenerated debug trace headers
+wolfssl/debug-trace-error-codes.h
+wolfssl/debug-untrace-error-codes.h
From cceeb776f7d45252dc83986d0809a9b5a36d1059 Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Wed, 20 Nov 2024 16:07:25 -0700
Subject: [PATCH 3/3] gate dilithium OID autodetection on FIPS 204 draft mode
---
 tests/api.c | 14 ++++++++++++--
 wolfcrypt/src/dilithium.c | 21 ++++++++++++---------
 wolfcrypt/test/test.c | 2 ++
 3 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 5b8efa7cfb..3df31dbd1f 100644
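Review bot: The overflow named in the subject of patch 1/3 is avoided only on the caller side, by the two added `idx = 0;` lines. That a stale index could overflow at all suggests wc_Dilithium_PublicKeyDecode and wc_Dilithium_PrivateKeyDecode use `*inOutIdx` without comparing it to the input length. If that is the case, the decoders should reject an out-of-range index up front, for example `if (*inOutIdx >= inSz) return BAD_FUNC_ARG;`, so a caller bug becomes an error return rather than an out-of-bounds access. Their bodies are not part of this patch, so this is inferred from the commit message and needs confirming. test_wc_dilithium_der starts and ends outside the hunk, so the declaration of `idx` is not visible either.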
--- a/tests/api.c
+++ b/tests/api.c
@@ -35003,10 +35003,20 @@ static int test_wc_dilithium_der(void)
 * the supplied DER is invalid, this should fail with ASN parsing error */
 idx = 0;
 ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
- WC_NO_ERR_TRACE(ASN_PARSE_E));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ WC_NO_ERR_TRACE(BAD_FUNC_ARG)
+#else
+ WC_NO_ERR_TRACE(ASN_PARSE_E)
+#endif
+ );
 idx = 0;
 ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
- WC_NO_ERR_TRACE(ASN_PARSE_E));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+ WC_NO_ERR_TRACE(BAD_FUNC_ARG)
+#else
+ WC_NO_ERR_TRACE(ASN_PARSE_E)
+#endif
+ );

 #ifndef WOLFSSL_NO_ML_DSA_44
 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index d07a4e4c4f..f4d7d56fe6 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
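Review bot: The `#ifdef`/`#else`/`#endif` lines sit inside the argument list of `ExpectIntEQ(...)` in both the public-key and the private-key check. If ExpectIntEQ is a function-like macro, as its use here suggests, directives inside macro arguments are undefined behaviour in C (C11 6.10.3p11) and not every compiler accepts them. Selecting the expected code once, outside the calls, avoids that and removes the duplicated block; the macro name below is only a suggestion. The comment above the calls still says the decode "should fail with ASN parsing error", which no longer holds in draft builds and should mention BAD_FUNC_ARG. test_wc_dilithium_der starts and ends outside the hunk.

```c
/* Expected error for invalid DER when no security level is set */
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
    #define TEST_DILITHIUM_NO_LEVEL_ERR WC_NO_ERR_TRACE(BAD_FUNC_ARG)
#else
    #define TEST_DILITHIUM_NO_LEVEL_ERR WC_NO_ERR_TRACE(ASN_PARSE_E)
#endif
    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
        TEST_DILITHIUM_NO_LEVEL_ERR);
    /* … unchanged: idx reset; the PrivateKeyDecode check takes the same macro … */
```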
@@ -9532,14 +9532,15 @@ static int mapOidToSecLevel(word32 oid)
 * @param [in, out] inOutIdx On in, index into array of start of DER encoding.
 * On out, index into array after DER encoding.
 * @param [in, out] key Dilithium key structure to hold the decoded key.
- * If the security level is set in the key structure on
- * input, the DER key will be decoded as such and will
- * fail if there is a mismatch. If the level and
- * parameters are not set in the key structure on
+ * If the security level is set in the key structure
+ * on input, the DER key will be decoded as such and
+ * will fail if there is a mismatch. If the level
+ * and parameters are not set in the key structure on
 * input, the level will be detected from the DER
 * file based on the algorithm OID, appropriately
 * decoded, then updated in the key structure on
- * output.
+ * output. Auto-detection of the security level is
+ * not supported if compiled for FIPS 204 draft mode.
 * @param [in] inSz Total size of the input DER buffer array.
 * @return 0 on success.
 * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
@@ -9803,10 +9804,12 @@ static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type,
 * on input, the DER key will be decoded as such
 * and will fail if there is a mismatch. If the level
 * and parameters are not set in the key structure on
- * input, the level will be detected from the DER file
- * based on the algorithm OID, appropriately decoded,
- * then updated in the key structure on output.
- * updated in the key structure on output.
+ * input, the level will be detected from the DER
+ * file based on the algorithm OID, appropriately
+ * decoded, then updated in the key structure on
+ * output. Auto-detection of the security level is
+ * not supported if compiled for FIPS 204
+ * draft mode.
 * @param [in] inSz Total size of data in array.
 * @return 0 on success.
 * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
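Review bot: The added sentence says auto-detection is not supported in FIPS 204 draft mode, but it does not say what the caller gets back. The `@return BAD_FUNC_ARG` line below it still lists only NULL arguments and a zero inSz, while the tests/api.c change in this commit expects BAD_FUNC_ARG when the level is unset in draft builds. I would extend that line in this hunk and in the one at -9803, e.g. `@return BAD_FUNC_ARG when input, inOutIdx or key is NULL, inSz is 0, or the level is not set in key and WOLFSSL_DILITHIUM_FIPS204_DRAFT is defined.` Both dilithium.c hunks touch only comments, so the gating itself presumably lives in code outside this diff; it is worth confirming that the code and the new wording agree. The functions these comments document lie outside the hunks.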
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index f8ecd0cb59..281053773c 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -45952,6 +45952,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
 ret = wc_dilithium_init(&key);
 }

+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
 /* Test decoding without setting security level - should auto-detect */
 if (ret == 0) {
 idx = 0;
@@ -45974,6 +45975,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
 expectedLevel, key.level);
 ret = WC_TEST_RET_ENC_NC;
 }
+#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */

 /* Cleanup */
 XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
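Review bot: With the auto-detect block compiled out, draft builds of test_dilithium_decode_level no longer exercise the unset-level path at all. `expectedLevel` may also become unused there if its only uses are inside the gated region, as the one visible use (`expectedLevel, key.level);`) is. An `#else` branch could instead check that decoding with no level set fails with BAD_FUNC_ARG, which is what tests/api.c now expects, and add `(void)expectedLevel;` if the parameter is otherwise unused. The function body starts before the first hunk and continues past the second, so the remaining uses cannot be checked from here.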