Rust wrapper: check for NUL-terminated slice in ECC::rs_hex_to_sig

Fixes F-3092

Author: holtrop-wolfssl

wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs

@@ -1219,6 +1219,9 @@ impl ECC {
     /// }
     /// ```
     pub fn rs_hex_to_sig(r: &[u8], s: &[u8], dout: &mut [u8]) -> Result<usize, i32> {
+        if r[r.len() - 1] != 0 || s[s.len() - 1] != 0 {
+            return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
         let mut dout_size = crate::buffer_len_to_u32(dout.len())?;
         let r_ptr = r.as_ptr() as *const core::ffi::c_char;
         let s_ptr = s.as_ptr() as *const core::ffi::c_char;

wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs

@@ -342,3 +342,24 @@ fn test_ecc_import() {
     ECC::import_raw(qx, qy, d, b"SECP256R1\0", None, None).expect("Error with import_raw()");
     ECC::import_raw_ex(qx, qy, d, ECC::SECP256R1, None, None).expect("Error with import_raw_ex()");
 }
+
+#[test]
+fn test_ecc_rs_hex_to_sig_not_null_terminated() {
+    let r_hex = b"AABB\0";
+    let s_hex = b"CCDD\0";
+    let r_hex_no_nul = b"AABB";
+    let s_hex_no_nul = b"CCDD";
+    let mut sig_out = [0u8; 128];
+
+    // Both null-terminated should succeed
+    assert!(ECC::rs_hex_to_sig(r_hex, s_hex, &mut sig_out).is_ok());
+
+    // r not null-terminated should fail
+    assert!(ECC::rs_hex_to_sig(r_hex_no_nul, s_hex, &mut sig_out).is_err());
+
+    // s not null-terminated should fail
+    assert!(ECC::rs_hex_to_sig(r_hex, s_hex_no_nul, &mut sig_out).is_err());
+
+    // Both not null-terminated should fail
+    assert!(ECC::rs_hex_to_sig(r_hex_no_nul, s_hex_no_nul, &mut sig_out).is_err());
+}