From bdeb7e5ddddba955e8fe2e329b7e86ba79c60cf3 Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Thu, 19 Mar 2026 09:49:33 +0900
Subject: [PATCH] fix XFWRITE called with negative size

---
 src/sign-verify/clu_sign.c | 10 +++++++++
 src/sign-verify/clu_verify.c | 22 ++++++++++---------
 tests/genkey_sign_ver/genkey-sign-ver-test.sh | 18 +++++++++++++++
 3 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c
index 5a1fb93..5bcab5f 100644
--- a/src/sign-verify/clu_sign.c
+++ b/src/sign-verify/clu_sign.c
@@ -729,6 +729,16 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
     else {
         XFILE outFile;
         outFile = XFOPEN(out, "wb");
+        if (outFile == NULL) {
+            wolfCLU_LogError("Failed to open output file %s", out);
+            XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            wc_FreeRng(&rng);
+            wc_dilithium_free(key);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+            return BAD_FUNC_ARG;
+        }
         XFWRITE(outBuf, 1, outBufSz, outFile);
         XFCLOSE(outFile);
     }
diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c
index 80eba3f..3c85020 100644
--- a/src/sign-verify/clu_verify.c
+++ b/src/sign-verify/clu_verify.c
@@ -438,14 +438,16 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath,
         }
 
         /* write the output to the specified file */
-        XFILE s = XFOPEN(out, "wb");
-        if (s == NULL) {
-            wolfCLU_LogError("Unable to open file %s", out);
-            ret = BAD_FUNC_ARG;
-        }
-        else {
-            XFWRITE(outBuf, 1, ret, s);
-            XFCLOSE(s);
+        if (ret > 0) {
+            XFILE s = XFOPEN(out, "wb");
+            if (s == NULL) {
+                wolfCLU_LogError("Unable to open file %s", out);
+                ret = BAD_FUNC_ARG;
+            }
+            else {
+                XFWRITE(outBuf, 1, ret, s);
+                XFCLOSE(s);
+            }
         }
     }
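Review bot: The new error path handles a failed XFOPEN, but the XFWRITE and XFCLOSE on the two context lines right after it are still unchecked, so a short write (disk full, I/O error) leaves a truncated signature file on disk while the function reports success. Check the count, `if (XFWRITE(outBuf, 1, outBufSz, outFile) != outBufSz) { wolfCLU_LogError("Failed to write signature to %s", out); /* same cleanup, error return */ }`, and check XFCLOSE's return as well since it performs the final flush for a write stream. The cleanup sequence (XFREE outBuf, wc_FreeRng, wc_dilithium_free, small-stack XFREE of key) is now copy-pasted into an early return; a single exit label used by both the open and write failures would keep these paths from drifting apart. wolfCLU_sign_data_dilithium starts and ends outside the hunk, so whether its normal exit frees these objects in the same order cannot be confirmed here.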
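Review bot: The `ret > 0` guard stops the negative-size XFWRITE, but `ret == 0` now skips the output file silently and leaves ret at 0, which the caller presumably reads as a successful verify even though nothing was written; if a zero-length recovered message is not an acceptable result it should be reported, e.g. `else if (ret == 0) { wolfCLU_LogError("No data recovered to write to %s", out); ret = BAD_FUNC_ARG; }` after the new block. The XFWRITE on the else branch still ignores its return value, so a short write also returns the byte count as if the file were complete; `if (XFWRITE(outBuf, 1, ret, s) != (size_t)ret) { wolfCLU_LogError("Unable to write file %s", out); ret = BAD_FUNC_ARG; }` would mirror the open-failure branch, and XFCLOSE's return deserves the same treatment for a write stream. wolfCLU_verify_signature_rsa begins before the hunk, so where ret is produced and whether 0 can actually occur there is not visible.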
@@ -954,7 +956,7 @@ int wolfCLU_verify_signature_xmss(byte* sig, int sigSz, for (int i = 0; i < XMSS_OID_LEN; i++) { oid = (oid << 8) | keyBuf[i]; } - + switch (oid) { case WC_XMSS_OID_SHA2_10_256: XMEMCPY(paramStr, "XMSS-SHA2_10_256\0", paramLen); @@ -1109,7 +1111,7 @@ int wolfCLU_verify_signature_xmssmt(byte* sig, int sigSz, for (int i = 0; i < XMSS_OID_LEN; i++) { oid = (oid << 8) | keyBuf[i]; } - + switch (oid) { case WC_XMSSMT_OID_SHA2_20_2_256: XMEMCPY(paramStr, "XMSSMT-SHA2_20/2_256\0\0", paramLen); diff --git a/tests/genkey_sign_ver/genkey-sign-ver-test.sh b/tests/genkey_sign_ver/genkey-sign-ver-test.sh index ee68739..d38c0ba 100755 --- a/tests/genkey_sign_ver/genkey-sign-ver-test.sh +++ b/tests/genkey_sign_ver/genkey-sign-ver-test.sh @@ -176,6 +176,16 @@ DERPEMRAW="der" VERIFYOUTNAME="rsa-sigout" gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} +# A verify with invalid signature must fail gracefully. +./wolfssl -rsa -verify -inkey rsakey.pub -inform der \ + -sigfile sign-this.txt -in sign-this.txt \ + -out rsa_badverify_out.txt -pubin +RESULT=$? +[ $RESULT -eq 0 ] && \ + printf '%s\n' "RSA verify with invalid sig should have failed" && exit 99 +[ -f rsa_badverify_out.txt ] && \ + printf '%s\n' "RSA verify with invalid sig: output file must not be created" && exit 99 + # Regression test: -exponent value must not overwrite -size (was stored in # sizeArg instead of expArg, corrupting the key size). ./wolfssl -genkey rsa -size 2048 -exponent 65537 -out rsakey_exp \ 
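Review bot: The "invalid signature" passed via `-sigfile sign-this.txt` is the plaintext itself, whose length will generally not match the RSA modulus, so the verify may be rejected by a size check before the code this commit fixes ever runs, and the test would then pass without exercising the negative-return write path; a same-length corrupted signature is the input that reaches it. Copy the real signature written by the preceding gen_key_sign_ver_test call and flip one byte, e.g. `cp "${SIGOUTNAME}" rsa_bad.sig && printf '\377' | dd of=rsa_bad.sig bs=1 seek=8 conv=notrunc 2>/dev/null`, then use `-sigfile rsa_bad.sig` (the exact file name that call produces is outside this hunk, so adjust accordingly). The negative check also accepts any non-zero exit, so it would pass vacuously if `rsakey.pub` or `sign-this.txt` were missing; a precondition guard such as `[ -f rsakey.pub ] && [ -f sign-this.txt ] || { printf '%s\n' "missing fixtures for RSA bad-verify test"; exit 99; }` and an `rm -f rsa_badverify_out.txt` before the run keep the `[ -f rsa_badverify_out.txt ]` assertion meaningful.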
@@ -227,6 +237,14 @@ for level in 2 3 5 do gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${level} done + +# Dilithium sign to an unwritable path must fail gracefully +./wolfssl -genkey dilithium -level 2 -out mldsakey -outform der -output keypair +./wolfssl -dilithium -sign -inkey mldsakey.priv -inform der \ + -in sign-this.txt -out /nonexistent_dir/mldsa_bad.sig +RESULT=$? +[ $RESULT -eq 0 ] && \ + printf '%s\n' "dilithium sign to invalid path should have failed" && exit 99 fi # Check if xmss is availabe
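Review bot: The `./wolfssl -genkey dilithium` line that produces `mldsakey.priv` discards its exit status, so if key generation fails (level unsupported by the build, output directory not writable) the following sign command fails for the wrong reason and the negative test passes without ever reaching the new NULL-outFile path. Fail the setup step explicitly, `./wolfssl -genkey dilithium -level 2 -out mldsakey -outform der -output keypair || { printf '%s\n' "dilithium genkey for bad-path test failed"; exit 99; }`. Using `/nonexistent_dir/` rather than a permission-denied path is the right choice because it fails for root too; a one-line comment saying so, `# missing directory, not chmod: must also fail when running as root`, would keep a later "improvement" from breaking it under sudo. The generated mldsakey.priv/.pub are not removed in this hunk; if the script keeps an explicit cleanup list (not visible here) they need adding to it.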