WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #742 from dgarske/fix_asn_getlen 

Improved ASN error checking
pull/747/head
toddouska 2017-02-09 13:05:26 -08:00 committed by GitHub
parent 8763a71420 321392998d
commit c022614e07
4 changed files with 410 additions and 333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

623
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

14
wolfcrypt/src/pkcs12.c
View File

@ -200,7 +200,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
freeSafe(safe, pkcs12->heap); freeSafe(safe, pkcs12->heap);
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ((ret = GetLength(input, &localIdx, &size, maxIdx)) < 0) { if ((ret = GetLength(input, &localIdx, &size, maxIdx)) <= 0) {
freeSafe(safe, pkcs12->heap); freeSafe(safe, pkcs12->heap);
return ret; return ret;
} }
@ -218,7 +218,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
freeSafe(safe, pkcs12->heap); freeSafe(safe, pkcs12->heap);
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ((ret = GetLength(input, &localIdx, &size, maxIdx)) < 0) { if ((ret = GetLength(input, &localIdx, &size, maxIdx)) <= 0) {
freeSafe(safe, pkcs12->heap); freeSafe(safe, pkcs12->heap);
return ret; return ret;
} }
@ -367,7 +367,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) < 0) { if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) {
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return ret; return ret;
} }
@ -398,7 +398,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) < 0) { if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) {
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS);
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return ret; return ret;
@ -800,7 +800,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
freeCertList(certList, pkcs12->heap); freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) { if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
freeBuffers(*pkey, buf, pkcs12->heap); freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap); freeCertList(certList, pkcs12->heap);
return ret; return ret;
@ -851,7 +851,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
freeCertList(certList, pkcs12->heap); freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) { if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
freeBuffers(*pkey, buf, pkcs12->heap); freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap); freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E; return ASN_PARSE_E;
@ -987,7 +987,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) if ((ret = GetLength(data, &idx, &size, ci->dataSz))
< 0) { <= 0) {
freeBuffers(*pkey, buf, pkcs12->heap); freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap); freeCertList(certList, pkcs12->heap);
return ret; return ret;

30
wolfcrypt/src/pkcs7.c
View File

@ -86,7 +86,7 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output)
typeSz = sizeof(signedData); typeSz = sizeof(signedData);
typeName = signedData; typeName = signedData;
break; break;
case ENVELOPED_DATA: case ENVELOPED_DATA:
typeSz = sizeof(envelopedData); typeSz = sizeof(envelopedData);
typeName = envelopedData; typeName = envelopedData;
@ -853,7 +853,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (pkiMsg[idx++] != ASN_OCTET_STRING) if (pkiMsg[idx++] != ASN_OCTET_STRING)
@ -2735,14 +2735,18 @@ static int wc_PKCS7_KariGetUserKeyingMaterial(WC_PKCS7_KARI* kari,
return 0; return 0;
} }
kari->ukm = (byte*)XMALLOC(length, kari->heap, DYNAMIC_TYPE_PKCS7); kari->ukm = NULL;
if (kari->ukm == NULL) if (length > 0) {
return MEMORY_E; kari->ukm = (byte*)XMALLOC(length, kari->heap, DYNAMIC_TYPE_PKCS7);
if (kari->ukm == NULL)
return MEMORY_E;
XMEMCPY(kari->ukm, pkiMsg + (*idx), length);
kari->ukmOwner = 1;
}
XMEMCPY(kari->ukm, pkiMsg + (*idx), length);
(*idx) += length; (*idx) += length;
kari->ukmSz = length; kari->ukmSz = length;
kari->ukmOwner = 1;
return 0; return 0;
} }
@ -3129,7 +3133,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
/* walk through RecipientInfo set, find correct recipient */ /* walk through RecipientInfo set, find correct recipient */
if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0) if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL, decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL,
DYNAMIC_TYPE_PKCS7); DYNAMIC_TYPE_PKCS7);
@ -3163,7 +3167,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
#endif #endif
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) { if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
@ -3201,14 +3205,14 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
#endif #endif
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) { if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
#endif #endif
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if (length != expBlockSz) { if (length != expBlockSz) {
WOLFSSL_MSG("Incorrect IV length, must be of content alg block size"); WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -3228,7 +3232,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) < 0) { if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) <= 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7);
#endif #endif
@ -3682,7 +3686,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0))
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) < 0) if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) <= 0)
return ASN_PARSE_E; return ASN_PARSE_E;
encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap, encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap,

76
wolfcrypt/user-crypto/src/rsa.c
View File

@ -792,39 +792,39 @@ static int GetLength(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
int length = 0; int length = 0;
word32 i = *inOutIdx; word32 idx = *inOutIdx;
byte b; byte b;
*len = 0; /* default length */ *len = 0; /* default length */
if ( (i+1) > maxIdx) { /* for first read */ if ((idx + 1) > maxIdx) { /* for first read */
USER_DEBUG(("GetLength bad index on input\n")); USER_DEBUG(("GetLength bad index on input\n"));
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
b = input[i++]; b = input[idx++];
if (b >= 0x80) { if (b >= 0x80) {
word32 bytes = b & 0x7F; word32 bytes = b & 0x7F;
if ( (i+bytes) > maxIdx) { /* for reading bytes */ if ((idx + bytes) > maxIdx) { /* for reading bytes */
USER_DEBUG(("GetLength bad long length\n")); USER_DEBUG(("GetLength bad long length\n"));
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
while (bytes--) { while (bytes--) {
b = input[i++]; b = input[idx++];
length = (length << 8) | b; length = (length << 8) | b;
} }
} }
else else
length = b; length = b;
if ( (i+length) > maxIdx) { /* for user of length */ if ((idx + length) > maxIdx) { /* for user of length */
USER_DEBUG(("GetLength value exceeds buffer length\n")); USER_DEBUG(("GetLength value exceeds buffer length\n"));
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
*inOutIdx = i; *inOutIdx = idx;
if (length > 0) if (length > 0)
*len = length; *len = length;
@ -836,21 +836,28 @@ static int GetInt(IppsBigNumState** mpi, const byte* input, word32* inOutIdx,
word32 maxIdx) word32 maxIdx)
{ {
IppStatus ret; IppStatus ret;
word32 i = *inOutIdx; word32 idx = *inOutIdx;
byte b = input[i++]; byte b;
int length; int length;
int ctxSz; int ctxSz;
if ((idx + 1) > maxIdx)
return USER_CRYPTO_ERROR;
b = input[idx++];
if (b != 0x02) if (b != 0x02)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
if (GetLength(input, &i, &length, maxIdx) < 0) if (GetLength(input, &idx, &length, maxIdx) < 0)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
if ( (b = input[i++]) == 0x00) if (length > 0) {
length--; /* remove leading zero */
else if ( (b = input[idx++]) == 0x00)
i--; length--;
else
idx--;
}
ret = ippsBigNumGetSize(length, &ctxSz); ret = ippsBigNumGetSize(length, &ctxSz);
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
@ -864,11 +871,11 @@ static int GetInt(IppsBigNumState** mpi, const byte* input, word32* inOutIdx,
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
ret = ippsSetOctString_BN((Ipp8u*)input + i, length, *mpi); ret = ippsSetOctString_BN((Ipp8u*)input + idx, length, *mpi);
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
*inOutIdx = i + length; *inOutIdx = idx + length;
return 0; return 0;
} }
@ -879,6 +886,9 @@ static int GetSequence(const byte* input, word32* inOutIdx, int* len,
int length = -1; int length = -1;
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
if ((idx + 1) > maxIdx)
return USER_CRYPTO_ERROR;
if (input[idx++] != (0x10 | 0x20) || if (input[idx++] != (0x10 | 0x20) ||
GetLength(input, &idx, &length, maxIdx) < 0) GetLength(input, &idx, &length, maxIdx) < 0)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -891,10 +901,13 @@ static int GetSequence(const byte* input, word32* inOutIdx, int* len,
static int GetMyVersion(const byte* input, word32* inOutIdx, static int GetMyVersion(const byte* input, word32* inOutIdx,
int* version) int* version, word32 maxIdx)
{ {
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
if ((idx + 3) > maxIdx)
return USER_CRYPTO_ERROR;
if (input[idx++] != 0x02) if (input[idx++] != 0x02)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -921,7 +934,7 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
if (GetSequence(input, inOutIdx, &length, inSz) < 0) if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
if (GetMyVersion(input, inOutIdx, &version) < 0) if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
key->type = RSA_PRIVATE; key->type = RSA_PRIVATE;
@ -1046,9 +1059,12 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
word32 inSz) word32 inSz)
{ {
int length; int length;
int ctxSz; int ctxSz;
IppStatus ret; IppStatus ret;
#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
byte b;
#endif
USER_DEBUG(("Entering wc_RsaPublicKeyDecode\n")); USER_DEBUG(("Entering wc_RsaPublicKeyDecode\n"));
@ -1058,8 +1074,10 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
key->type = RSA_PUBLIC; key->type = RSA_PUBLIC;
#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
{ if ((*inOutIdx + 1) > inSz)
byte b = input[*inOutIdx]; return USER_CRYPTO_ERROR;
b = input[*inOutIdx];
if (b != ASN_INTEGER) { if (b != ASN_INTEGER) {
/* not from decoded cert, will have algo id, skip past */ /* not from decoded cert, will have algo id, skip past */
if (GetSequence(input, inOutIdx, &length, inSz) < 0) if (GetSequence(input, inOutIdx, &length, inSz) < 0)
@ -1082,16 +1100,17 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
if (b != 0) if (b != 0)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
else else {
/* go back, didn't have it */ /* go back, didn't have it */
(*inOutIdx)--; (*inOutIdx)--;
}
/* should have bit tag length and seq next */ /* should have bit tag length and seq next */
b = input[(*inOutIdx)++]; b = input[(*inOutIdx)++];
if (b != ASN_BIT_STRING) if (b != ASN_BIT_STRING)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
if (GetLength(input, inOutIdx, &length, inSz) < 0) if (GetLength(input, inOutIdx, &length, inSz) <= 0)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
/* could have 0 */ /* could have 0 */
@ -1101,12 +1120,13 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
if (GetSequence(input, inOutIdx, &length, inSz) < 0) if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} /* end if */ }
} /* openssl var block */ #endif /* OPENSSL_EXTRA || RSA_DECODE_EXTRA */
#endif /* OPENSSL_EXTRA */
if (GetInt(&key->n, input, inOutIdx, inSz) < 0 || if (GetInt(&key->n, input, inOutIdx, inSz) < 0 ||
GetInt(&key->e, input, inOutIdx, inSz) < 0 ) return USER_CRYPTO_ERROR; GetInt(&key->e, input, inOutIdx, inSz) < 0) {
return USER_CRYPTO_ERROR;
}
/* get sizes set for IPP BN states */ /* get sizes set for IPP BN states */
ret = ippsGetSize_BN(key->n, &key->nSz); ret = ippsGetSize_BN(key->n, &key->nSz);