argument checks before allocation

libtom · Apr 11, 2021 · 6be0836 · 6be0836
1 parent 230b1fc
commit 6be0836
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 21 deletions.
diff --git a/src/pk/ecc/ecc_sign_hash_eth27.c b/src/pk/ecc/ecc_sign_hash_eth27.c
@@ -34,19 +34,18 @@ int ecc_sign_hash_eth27(const unsigned char *in,  unsigned long inlen,
    LTC_ARGCHK(outlen != NULL);
    LTC_ARGCHK(key    != NULL);
 
-   if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) return err;
-   if ((err = ecc_sign_hash_internal(in, inlen, r, s, prng, wprng, &recid, key)) != CRYPT_OK) goto error;
-
    /* Only valid for secp256k1 - OID 1.3.132.0.10 */
    if (pk_oid_cmp_with_ulong("1.3.132.0.10", key->dp.oid, key->dp.oidlen) != CRYPT_OK) {
-      err = CRYPT_ERROR;
-      goto error;
+      return CRYPT_ERROR;
    }
    if (*outlen < 65) {
-      err = CRYPT_BUFFER_OVERFLOW;
       *outlen = 65;
-      goto error;
+      return CRYPT_BUFFER_OVERFLOW;
    }
+
+   if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) return err;
+   if ((err = ecc_sign_hash_internal(in, inlen, r, s, prng, wprng, &recid, key)) != CRYPT_OK) goto error;
+
    zeromem(out, 65);
    *outlen = 65;
    i = mp_unsigned_bin_size(r);

diff --git a/src/pk/ecc/ecc_sign_hash_rfc5656.c b/src/pk/ecc/ecc_sign_hash_rfc5656.c
@@ -34,11 +34,12 @@ int ecc_sign_hash_rfc5656(const unsigned char *in,  unsigned long inlen,
    LTC_ARGCHK(out    != NULL);
    LTC_ARGCHK(outlen != NULL);
 
+   /* Get identifier string */
+   if ((err = ecc_ssh_ecdsa_encode_name(name, &namelen, key)) != CRYPT_OK) return err;
+
    if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) return err;
    if ((err = ecc_sign_hash_internal(in, inlen, r, s, prng, wprng, NULL, key)) != CRYPT_OK) goto error;
 
-   /* Get identifier string */
-   if ((err = ecc_ssh_ecdsa_encode_name(name, &namelen, key)) != CRYPT_OK) goto error;
    /* Store as SSH data sequence, per RFC4251 */
    err = ssh_encode_sequence_multi(out, outlen,
                                    LTC_SSHDATA_STRING, name, namelen,

diff --git a/src/pk/ecc/ecc_sign_hash_rfc7518.c b/src/pk/ecc/ecc_sign_hash_rfc7518.c
@@ -36,16 +36,16 @@ int ecc_sign_hash_rfc7518_ex(const unsigned char *in,  unsigned long inlen,
    LTC_ARGCHK(outlen != NULL);
    LTC_ARGCHK(key    != NULL);
 
-   if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) return err;
-   if ((err = ecc_sign_hash_internal(in, inlen, r, s, prng, wprng, recid, key)) != CRYPT_OK) goto error;
-
    /* RFC7518 format - raw (r,s) */
    pbytes = mp_unsigned_bin_size(key->dp.order);
    if (*outlen < 2 * pbytes) {
-      err = CRYPT_BUFFER_OVERFLOW;
       *outlen = 2 * pbytes;
-      goto error;
+      return CRYPT_BUFFER_OVERFLOW;
    }
+
+   if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) return err;
+   if ((err = ecc_sign_hash_internal(in, inlen, r, s, prng, wprng, recid, key)) != CRYPT_OK) goto error;
+
    zeromem(out, 2 * pbytes);
    *outlen = 2 * pbytes;
    i = mp_unsigned_bin_size(r);

diff --git a/src/pk/ecc/ecc_verify_hash_eth27.c b/src/pk/ecc/ecc_verify_hash_eth27.c
@@ -36,17 +36,16 @@ int ecc_verify_hash_eth27(const unsigned char *sig,  unsigned long siglen,
    LTC_ARGCHK(sig != NULL);
    LTC_ARGCHK(key != NULL);
 
-   if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) return err;
-
    /* Only valid for secp256k1 - OID 1.3.132.0.10 */
    if (pk_oid_cmp_with_ulong("1.3.132.0.10", key->dp.oid, key->dp.oidlen) != CRYPT_OK) {
-      err = CRYPT_ERROR;
-      goto error;
+      return CRYPT_ERROR;
    }
-   if (siglen != 65) { /* Only secp256k1 curves use this format, so must be 65 bytes long */
-      err = CRYPT_INVALID_PACKET;
-      goto error;
+   /* Only secp256k1 curves uses this format, so must be 65 bytes long */
+   if (siglen != 65) {
+      return CRYPT_INVALID_PACKET;
    }
+
+   if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) return err;
    if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, 32)) != CRYPT_OK) goto error;
    if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig + 32, 32)) != CRYPT_OK) goto error;