Add judgment to prevent null dereference in abnormal conditions.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_ec.c | 17 +++++++++++++++++ src/uadk_ecx.c | 7 ++++++- src/uadk_rsa.c | 18 ++++++++++++++++++ src/uadk_sm2.c | 15 +++++++++++++++ 4 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 6106083..30e298e 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -453,6 +453,11 @@ static ECDSA_SIG *create_ecdsa_sig(struct wd_ecc_req *req) }
wd_ecdsa_get_sign_out_params(req->dst, &r, &s); + if (!r || !s) { + fprintf(stderr, "failed to get r or s\n"); + goto err; + } + if (!BN_bin2bn((void *)r->data, r->dsize, br) || !BN_bin2bn((void *)s->data, s->dsize, bs)) { fprintf(stderr, "failed to BN_bin2bn r or s\n"); @@ -755,6 +760,10 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) int ret;
wd_sm2_get_kg_out_params(req->dst, &privkey, &pubkey); + if (!privkey || !pubkey) { + fprintf(stderr, "failed to get privkey or pubkey\n"); + return -EINVAL; + }
tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL); ret = EC_KEY_set_private_key(ec, tmp); @@ -1069,6 +1078,10 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) int ret = 0;
wd_ecxdh_get_out_params(req->dst, &pubkey); + if (!pubkey) { + fprintf(stderr, "failed to get pubkey\n"); + return ret; + }
group = EC_KEY_get0_group(ecdh); point = EC_POINT_new(group); @@ -1134,6 +1147,10 @@ static int ecdh_get_shared_key(const EC_KEY *ecdh, struct wd_ecc_point *shared_key = NULL;
wd_ecxdh_get_out_params(req->dst, &shared_key); + if (!shared_key) { + fprintf(stderr, "failed to get shared key\n"); + return 0; + }
*outlen = shared_key->x.dsize;
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c index b62f81d..4dd5a4c 100644 --- a/src/uadk_ecx.c +++ b/src/uadk_ecx.c @@ -287,12 +287,17 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx, int key_size = ecx_ctx->key_size; int ret;
- wd_ecxdh_get_out_params(req->dst, &pubkey); if (key_size > ECX_MAX_KEYLEN) { fprintf(stderr, "invalid key size, key_size = %d\n", key_size); return UADK_E_FAIL; }
+ wd_ecxdh_get_out_params(req->dst, &pubkey); + if (!pubkey) { + fprintf(stderr, "failed to get pubkey\n"); + return UADK_E_FAIL; + } + memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data, key_size); /* Trans public key from big-endian to little-endian */ diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index a1bb2cf..8af0844 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -913,7 +913,13 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
if (!rsa_sess->is_pubkey_ready) { wd_rsa_get_pubkey(rsa_sess->sess, &pubkey); + if (!pubkey) + return UADK_E_FAIL; + wd_rsa_get_pubkey_params(pubkey, &wd_e, &wd_n); + if (!wd_e || !wd_n) + return UADK_E_FAIL; + wd_e->dsize = BN_bn2bin(pubkey_param->e, (unsigned char *)wd_e->data); wd_n->dsize = BN_bn2bin(pubkey_param->n, @@ -946,8 +952,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) { wd_rsa_get_prikey(rsa_sess->sess, &prikey); + if (!prikey) + return UADK_E_FAIL; + wd_rsa_get_crt_prikey_params(prikey, &wd_dq, &wd_dp, &wd_qinv, &wd_q, &wd_p); + if (!wd_dq || !wd_dp || !wd_qinv || !wd_q || !wd_p) + return UADK_E_FAIL; + wd_dq->dsize = BN_bn2bin(pri->dmq1, (unsigned char *)wd_dq->data); wd_dp->dsize = BN_bn2bin(pri->dmp1, @@ -960,7 +972,13 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, (unsigned char *)wd_qinv->data); } else if (!(rsa_sess->is_prikey_ready) && !(pri->is_crt)) { wd_rsa_get_prikey(rsa_sess->sess, &prikey); + if (!prikey) + return UADK_E_FAIL; + wd_rsa_get_prikey_params(prikey, &wd_d, &wd_n); + if (!wd_d || !wd_n) + return UADK_E_FAIL; + wd_d->dsize = BN_bn2bin(pri->d, (unsigned char *)wd_d->data); wd_n->dsize = BN_bn2bin(pri->n, diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index b14fbcf..c5555a9 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -710,6 +710,11 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, }
wd_sm2_get_sign_out_params(req.dst, &r, &s); + if (!r || !s) { + ret = UADK_DO_SOFT; + goto uninit_iot; + } + ret = sign_bin_to_ber(NULL, r, s, sig, siglen); if (ret) goto uninit_iot; @@ -939,6 +944,11 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; wd_sm2_get_enc_out_params(req.dst, &c1, &c2, &c3); + if (!c1 || !c2 || !c3) { + ret = UADK_DO_SOFT; + goto uninit_iot; + } + ret = cipher_bin_to_ber(md, c1, c2, c3, out, outlen); if (ret) goto uninit_iot; @@ -1029,6 +1039,11 @@ static int sm2_get_plaintext(struct wd_ecc_req *req, struct wd_dtb *ptext = NULL;
wd_sm2_get_dec_out_params(req->dst, &ptext); + if (!ptext) { + fprintf(stderr, "failed to get ptext\n"); + return -EINVAL; + } + if (*outlen < ptext->dsize) { fprintf(stderr, "outlen(%lu) < (%u)\n", *outlen, ptext->dsize); return -EINVAL;