From 519d1412f720c2d83319f080569778ca433f6f33 Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Tue, 9 Jul 2024 14:28:52 +0900
Subject: [PATCH] i2d_ECDSA_SIG: alloc a buffer for NULL pointer #7646
---
 src/ssl.c | 26 ++++++++++++++++++++++----
 tests/api.c | 15 +++++++++++++--
 2 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 7bacb6c7ca..dd602587ec 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -37386,7 +37386,8 @@ WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
 int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
 {
- word32 len;
+ word32 len = 0;
+ int update_p = 1;
 if (sig == NULL)
 return 0;
@@ -37403,13 +37404,30 @@ int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
 * and less than 256 bytes.
 */
 len = 1 + ((len > 127) ? 2 : 1) + len;
- if (pp != NULL && *pp != NULL) {
+
+ #ifdef WOLFSSL_I2D_ECDSA_SIG_ALLOC
+ if ((pp != NULL) && (*pp == NULL)) {
+ *pp = (unsigned char *)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
+ if (*pp == NULL) {
+ WOLFSSL_MSG("malloc error");
+ return 0;
+ }
+ update_p = 0;
+ }
+ #endif
+
+ /* Encode only if there is a buffer to encode into. */
+ if ((pp != NULL) && (*pp != NULL)) {
+ /* Encode using the internal representations of r and s. */
 if (StoreECC_DSA_Sig(*pp, &len, (mp_int*)sig->r->internal,
- (mp_int*)sig->s->internal) != MP_OKAY) {
+ (mp_int*)sig->s->internal) != MP_OKAY) {
+ /* No bytes encoded. */
 len = 0;
 }
- else
+ else if (update_p) {
+ /* Update pointer to after encoding. */
 *pp += len;
+ }
 }
 return (int)len;
diff --git a/tests/api.c b/tests/api.c
index f63f3b1f20..ec71fea967 100644
--- a/tests/api.c
+++ b/tests/api.c
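Review bot: In the second src/ssl.c hunk, when `WOLFSSL_I2D_ECDSA_SIG_ALLOC` is defined and `StoreECC_DSA_Sig` fails, the buffer just obtained from `XMALLOC` is neither freed nor cleared from `*pp`. The function then returns 0 while the caller's pointer, which was NULL on entry, refers to an allocation the caller has no reason to release. The failure branch should undo the allocation next to `len = 0;`, for example `if (!update_p) { XFREE(*pp, NULL, DYNAMIC_TYPE_OPENSSL); *pp = NULL; }`. A comment above the `#ifdef` should also state that in this mode the caller owns the returned buffer and must `XFREE` it with `DYNAMIC_TYPE_OPENSSL`, and that `*pp` is deliberately not advanced. The function's opening lines are in the previous hunk and its closing brace lies outside this one.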
@@ -2035,8 +2035,9 @@ static void test_wolfSSL_EC(void)
 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
 };
-#ifdef HAVE_COMP_KEY
 const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
+
+#ifdef HAVE_COMP_KEY
 const unsigned char binCompG[] = {
 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
@@ -2152,9 +2153,9 @@ static void test_wolfSSL_EC(void)
 AssertIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0);
 XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
-#ifdef HAVE_COMP_KEY
 hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
 AssertStrEQ(hexStr, compG);
+#ifdef HAVE_COMP_KEY
 AssertNotNull(get_point = EC_POINT_hex2point(group, hexStr, get_point, ctx));
 AssertIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0);
 #endif
@@ -2258,6 +2259,16 @@ static void test_wolfSSL_ECDSA_SIG(void)
 AssertIntEQ((p == outSig + 8), 1);
 AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0);
+ p = NULL;
+ AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), 8);
+#ifndef WOLFSSL_I2D_ECDSA_SIG_ALLOC
+ AssertNull(p);
+#else
+ AssertNotNull(p);
+ AssertIntEQ(XMEMCMP(p, outSig, 8), 0);
+ XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
+
 wolfSSL_ECDSA_SIG_free(sig);
 #endif /* HAVE_ECC */
 }
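Review bot: The NULL-pointer case added at the end of test_wolfSSL_ECDSA_SIG asserts two different contracts for the same call, with no comment saying which one a caller may rely on. Without `WOLFSSL_I2D_ECDSA_SIG_ALLOC` the call returns 8 and leaves `p` NULL, so a caller that reads a positive return as "buffer filled" would dereference NULL. A comment before `p = NULL;` would record this, for example `/* NULL *pp: length-only query unless WOLFSSL_I2D_ECDSA_SIG_ALLOC; with it the callee allocates and the caller frees */`. test_wolfSSL_ECDSA_SIG begins outside this hunk.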