1685ffcd1SArrigo Marchioridiff -ur misc/nss-3.39/nss/lib/cryptohi/secvfy.c misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c 2685ffcd1SArrigo Marchiori--- misc/nss-3.39/nss/lib/cryptohi/secvfy.c 2018-08-31 14:55:53.000000000 +0200 3685ffcd1SArrigo Marchiori+++ misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c 2022-02-05 22:36:19.617132698 +0100 4685ffcd1SArrigo Marchiori@@ -164,6 +164,37 @@ 5685ffcd1SArrigo Marchiori PR_FALSE /*XXX: unsafeAllowMissingParameters*/); 6685ffcd1SArrigo Marchiori } 7685ffcd1SArrigo Marchiori 8685ffcd1SArrigo Marchiori+static unsigned int 9685ffcd1SArrigo Marchiori+checkedSignatureLen(const SECKEYPublicKey *pubk) 10685ffcd1SArrigo Marchiori+{ 11685ffcd1SArrigo Marchiori+ unsigned int sigLen = SECKEY_SignatureLen(pubk); 12*2f7f065dSArrigo Marchiori+ unsigned int maxSigLen; 13685ffcd1SArrigo Marchiori+ if (sigLen == 0) { 14685ffcd1SArrigo Marchiori+ /* Error set by SECKEY_SignatureLen */ 15685ffcd1SArrigo Marchiori+ return sigLen; 16685ffcd1SArrigo Marchiori+ } 17685ffcd1SArrigo Marchiori+ switch (pubk->keyType) { 18685ffcd1SArrigo Marchiori+ case rsaKey: 19685ffcd1SArrigo Marchiori+ case rsaPssKey: 20685ffcd1SArrigo Marchiori+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; 21685ffcd1SArrigo Marchiori+ break; 22685ffcd1SArrigo Marchiori+ case dsaKey: 23685ffcd1SArrigo Marchiori+ maxSigLen = DSA_MAX_SIGNATURE_LEN; 24685ffcd1SArrigo Marchiori+ break; 25685ffcd1SArrigo Marchiori+ case ecKey: 26685ffcd1SArrigo Marchiori+ maxSigLen = 2 * MAX_ECKEY_LEN; 27685ffcd1SArrigo Marchiori+ break; 28685ffcd1SArrigo Marchiori+ default: 29685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); 30685ffcd1SArrigo Marchiori+ return 0; 31685ffcd1SArrigo Marchiori+ } 32685ffcd1SArrigo Marchiori+ if (sigLen > maxSigLen) { 33685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_INVALID_KEY); 34685ffcd1SArrigo Marchiori+ return 0; 35685ffcd1SArrigo Marchiori+ } 36685ffcd1SArrigo Marchiori+ return sigLen; 37685ffcd1SArrigo Marchiori+} 38685ffcd1SArrigo Marchiori+ 39685ffcd1SArrigo Marchiori /* 40685ffcd1SArrigo Marchiori * decode the ECDSA or DSA signature from it's DER wrapping. 41685ffcd1SArrigo Marchiori * The unwrapped/raw signature is placed in the buffer pointed 42685ffcd1SArrigo Marchiori@@ -174,38 +205,38 @@ 43685ffcd1SArrigo Marchiori unsigned int len) 44685ffcd1SArrigo Marchiori { 45685ffcd1SArrigo Marchiori SECItem *dsasig = NULL; /* also used for ECDSA */ 46685ffcd1SArrigo Marchiori- SECStatus rv = SECSuccess; 47685ffcd1SArrigo Marchiori 48685ffcd1SArrigo Marchiori- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && 49685ffcd1SArrigo Marchiori- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { 50685ffcd1SArrigo Marchiori- if (sig->len != len) { 51685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 52685ffcd1SArrigo Marchiori- return SECFailure; 53685ffcd1SArrigo Marchiori+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ 54685ffcd1SArrigo Marchiori+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { 55685ffcd1SArrigo Marchiori+ if (len > DSA_MAX_SIGNATURE_LEN) { 56685ffcd1SArrigo Marchiori+ goto loser; 57685ffcd1SArrigo Marchiori } 58685ffcd1SArrigo Marchiori- 59685ffcd1SArrigo Marchiori- PORT_Memcpy(dsig, sig->data, sig->len); 60685ffcd1SArrigo Marchiori- return SECSuccess; 61685ffcd1SArrigo Marchiori- } 62685ffcd1SArrigo Marchiori- 63685ffcd1SArrigo Marchiori- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { 64685ffcd1SArrigo Marchiori+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { 65685ffcd1SArrigo Marchiori if (len > MAX_ECKEY_LEN * 2) { 66685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 67685ffcd1SArrigo Marchiori- return SECFailure; 68685ffcd1SArrigo Marchiori+ goto loser; 69685ffcd1SArrigo Marchiori } 70685ffcd1SArrigo Marchiori- } 71685ffcd1SArrigo Marchiori- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); 72685ffcd1SArrigo Marchiori- 73685ffcd1SArrigo Marchiori- if ((dsasig == NULL) || (dsasig->len != len)) { 74685ffcd1SArrigo Marchiori- rv = SECFailure; 75685ffcd1SArrigo Marchiori } else { 76685ffcd1SArrigo Marchiori- PORT_Memcpy(dsig, dsasig->data, dsasig->len); 77685ffcd1SArrigo Marchiori+ goto loser; 78685ffcd1SArrigo Marchiori } 79685ffcd1SArrigo Marchiori 80685ffcd1SArrigo Marchiori- if (dsasig != NULL) 81685ffcd1SArrigo Marchiori+ /* Decode and pad to length */ 82685ffcd1SArrigo Marchiori+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); 83685ffcd1SArrigo Marchiori+ if (dsasig == NULL) { 84685ffcd1SArrigo Marchiori+ goto loser; 85685ffcd1SArrigo Marchiori+ } 86685ffcd1SArrigo Marchiori+ if (dsasig->len != len) { 87685ffcd1SArrigo Marchiori SECITEM_FreeItem(dsasig, PR_TRUE); 88685ffcd1SArrigo Marchiori- if (rv == SECFailure) 89685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 90685ffcd1SArrigo Marchiori- return rv; 91685ffcd1SArrigo Marchiori+ goto loser; 92685ffcd1SArrigo Marchiori+ } 93685ffcd1SArrigo Marchiori+ 94685ffcd1SArrigo Marchiori+ PORT_Memcpy(dsig, dsasig->data, len); 95685ffcd1SArrigo Marchiori+ SECITEM_FreeItem(dsasig, PR_TRUE); 96685ffcd1SArrigo Marchiori+ 97685ffcd1SArrigo Marchiori+ return SECSuccess; 98685ffcd1SArrigo Marchiori+ 99685ffcd1SArrigo Marchiori+loser: 100685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_DER); 101685ffcd1SArrigo Marchiori+ return SECFailure; 102685ffcd1SArrigo Marchiori } 103685ffcd1SArrigo Marchiori 104685ffcd1SArrigo Marchiori const SEC_ASN1Template hashParameterTemplate[] = 105685ffcd1SArrigo Marchiori@@ -231,7 +262,7 @@ 106685ffcd1SArrigo Marchiori sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, 107685ffcd1SArrigo Marchiori const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg) 108685ffcd1SArrigo Marchiori { 109685ffcd1SArrigo Marchiori- int len; 110685ffcd1SArrigo Marchiori+ unsigned int len; 111685ffcd1SArrigo Marchiori PLArenaPool *arena; 112685ffcd1SArrigo Marchiori SECStatus rv; 113685ffcd1SArrigo Marchiori SECItem oid; 114685ffcd1SArrigo Marchiori@@ -458,48 +489,52 @@ 115685ffcd1SArrigo Marchiori cx->pkcs1RSADigestInfo = NULL; 116685ffcd1SArrigo Marchiori rv = SECSuccess; 117685ffcd1SArrigo Marchiori if (sig) { 118685ffcd1SArrigo Marchiori- switch (type) { 119685ffcd1SArrigo Marchiori- case rsaKey: 120685ffcd1SArrigo Marchiori- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, 121685ffcd1SArrigo Marchiori- &cx->pkcs1RSADigestInfo, 122685ffcd1SArrigo Marchiori- &cx->pkcs1RSADigestInfoLen, 123685ffcd1SArrigo Marchiori- cx->key, 124685ffcd1SArrigo Marchiori- sig, wincx); 125685ffcd1SArrigo Marchiori- break; 126685ffcd1SArrigo Marchiori- case rsaPssKey: 127685ffcd1SArrigo Marchiori- sigLen = SECKEY_SignatureLen(key); 128685ffcd1SArrigo Marchiori- if (sigLen == 0) { 129685ffcd1SArrigo Marchiori- /* error set by SECKEY_SignatureLen */ 130685ffcd1SArrigo Marchiori- rv = SECFailure; 131685ffcd1SArrigo Marchiori+ rv = SECFailure; 132685ffcd1SArrigo Marchiori+ if (type == rsaKey) { 133685ffcd1SArrigo Marchiori+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, 134685ffcd1SArrigo Marchiori+ &cx->pkcs1RSADigestInfo, 135685ffcd1SArrigo Marchiori+ &cx->pkcs1RSADigestInfoLen, 136685ffcd1SArrigo Marchiori+ cx->key, 137685ffcd1SArrigo Marchiori+ sig, wincx); 138685ffcd1SArrigo Marchiori+ } else { 139685ffcd1SArrigo Marchiori+ sigLen = checkedSignatureLen(key); 140685ffcd1SArrigo Marchiori+ /* Check signature length is within limits */ 141685ffcd1SArrigo Marchiori+ if (sigLen == 0) { 142685ffcd1SArrigo Marchiori+ /* error set by checkedSignatureLen */ 143685ffcd1SArrigo Marchiori+ rv = SECFailure; 144685ffcd1SArrigo Marchiori+ goto loser; 145685ffcd1SArrigo Marchiori+ } 146685ffcd1SArrigo Marchiori+ if (sigLen > sizeof(cx->u)) { 147685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 148685ffcd1SArrigo Marchiori+ rv = SECFailure; 149685ffcd1SArrigo Marchiori+ goto loser; 150685ffcd1SArrigo Marchiori+ } 151685ffcd1SArrigo Marchiori+ switch (type) { 152685ffcd1SArrigo Marchiori+ case rsaPssKey: 153685ffcd1SArrigo Marchiori+ if (sig->len != sigLen) { 154685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 155685ffcd1SArrigo Marchiori+ rv = SECFailure; 156685ffcd1SArrigo Marchiori+ goto loser; 157685ffcd1SArrigo Marchiori+ } 158685ffcd1SArrigo Marchiori+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); 159685ffcd1SArrigo Marchiori+ rv = SECSuccess; 160685ffcd1SArrigo Marchiori break; 161685ffcd1SArrigo Marchiori- } 162685ffcd1SArrigo Marchiori- if (sig->len != sigLen) { 163685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 164685ffcd1SArrigo Marchiori- rv = SECFailure; 165685ffcd1SArrigo Marchiori+ case ecKey: 166685ffcd1SArrigo Marchiori+ case dsaKey: 167685ffcd1SArrigo Marchiori+ /* decodeECorDSASignature will check sigLen == sig->len after padding */ 168685ffcd1SArrigo Marchiori+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); 169685ffcd1SArrigo Marchiori break; 170685ffcd1SArrigo Marchiori- } 171685ffcd1SArrigo Marchiori- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); 172685ffcd1SArrigo Marchiori- break; 173685ffcd1SArrigo Marchiori- case dsaKey: 174685ffcd1SArrigo Marchiori- case ecKey: 175685ffcd1SArrigo Marchiori- sigLen = SECKEY_SignatureLen(key); 176685ffcd1SArrigo Marchiori- if (sigLen == 0) { 177685ffcd1SArrigo Marchiori- /* error set by SECKEY_SignatureLen */ 178685ffcd1SArrigo Marchiori+ default: 179685ffcd1SArrigo Marchiori+ /* Unreachable */ 180685ffcd1SArrigo Marchiori rv = SECFailure; 181685ffcd1SArrigo Marchiori- break; 182685ffcd1SArrigo Marchiori- } 183685ffcd1SArrigo Marchiori- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); 184685ffcd1SArrigo Marchiori- break; 185685ffcd1SArrigo Marchiori- default: 186685ffcd1SArrigo Marchiori- rv = SECFailure; 187685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); 188685ffcd1SArrigo Marchiori- break; 189685ffcd1SArrigo Marchiori+ goto loser; 190685ffcd1SArrigo Marchiori+ } 191685ffcd1SArrigo Marchiori+ } 192685ffcd1SArrigo Marchiori+ if (rv != SECSuccess) { 193685ffcd1SArrigo Marchiori+ goto loser; 194685ffcd1SArrigo Marchiori } 195685ffcd1SArrigo Marchiori } 196685ffcd1SArrigo Marchiori 197685ffcd1SArrigo Marchiori- if (rv) 198685ffcd1SArrigo Marchiori- goto loser; 199685ffcd1SArrigo Marchiori- 200685ffcd1SArrigo Marchiori /* check hash alg again, RSA may have changed it.*/ 201685ffcd1SArrigo Marchiori if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { 202685ffcd1SArrigo Marchiori /* error set by HASH_GetHashTypeByOidTag */ 203685ffcd1SArrigo Marchiori@@ -634,11 +669,16 @@ 204685ffcd1SArrigo Marchiori switch (cx->key->keyType) { 205685ffcd1SArrigo Marchiori case ecKey: 206685ffcd1SArrigo Marchiori case dsaKey: 207685ffcd1SArrigo Marchiori- dsasig.data = cx->u.buffer; 208685ffcd1SArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key); 209685ffcd1SArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key); 210685ffcd1SArrigo Marchiori if (dsasig.len == 0) { 211685ffcd1SArrigo Marchiori return SECFailure; 212685ffcd1SArrigo Marchiori } 213685ffcd1SArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) { 214685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 215685ffcd1SArrigo Marchiori+ return SECFailure; 216685ffcd1SArrigo Marchiori+ } 217685ffcd1SArrigo Marchiori+ dsasig.data = cx->u.buffer; 218685ffcd1SArrigo Marchiori+ 219685ffcd1SArrigo Marchiori if (sig) { 220685ffcd1SArrigo Marchiori rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, 221685ffcd1SArrigo Marchiori dsasig.len); 222685ffcd1SArrigo Marchiori@@ -680,8 +720,13 @@ 223685ffcd1SArrigo Marchiori return SECFailure; 224685ffcd1SArrigo Marchiori } 225685ffcd1SArrigo Marchiori rsasig.data = cx->u.buffer; 226685ffcd1SArrigo Marchiori- rsasig.len = SECKEY_SignatureLen(cx->key); 227685ffcd1SArrigo Marchiori+ rsasig.len = checkedSignatureLen(cx->key); 228685ffcd1SArrigo Marchiori if (rsasig.len == 0) { 229685ffcd1SArrigo Marchiori+ /* Error set by checkedSignatureLen */ 230685ffcd1SArrigo Marchiori+ return SECFailure; 231685ffcd1SArrigo Marchiori+ } 232685ffcd1SArrigo Marchiori+ if (rsasig.len > sizeof(cx->u)) { 233685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 234685ffcd1SArrigo Marchiori return SECFailure; 235685ffcd1SArrigo Marchiori } 236685ffcd1SArrigo Marchiori if (sig) { 237685ffcd1SArrigo Marchiori@@ -743,7 +788,6 @@ 238685ffcd1SArrigo Marchiori SECStatus rv; 239685ffcd1SArrigo Marchiori VFYContext *cx; 240685ffcd1SArrigo Marchiori SECItem dsasig; /* also used for ECDSA */ 241685ffcd1SArrigo Marchiori- 242685ffcd1SArrigo Marchiori rv = SECFailure; 243685ffcd1SArrigo Marchiori 244685ffcd1SArrigo Marchiori cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); 245685ffcd1SArrigo Marchiori@@ -751,19 +795,25 @@ 246685ffcd1SArrigo Marchiori switch (key->keyType) { 247685ffcd1SArrigo Marchiori case rsaKey: 248685ffcd1SArrigo Marchiori rv = verifyPKCS1DigestInfo(cx, digest); 249685ffcd1SArrigo Marchiori+ /* Error (if any) set by verifyPKCS1DigestInfo */ 250685ffcd1SArrigo Marchiori break; 251685ffcd1SArrigo Marchiori- case dsaKey: 252685ffcd1SArrigo Marchiori case ecKey: 253685ffcd1SArrigo Marchiori+ case dsaKey: 254685ffcd1SArrigo Marchiori dsasig.data = cx->u.buffer; 255685ffcd1SArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key); 256685ffcd1SArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key); 257685ffcd1SArrigo Marchiori if (dsasig.len == 0) { 258685ffcd1SArrigo Marchiori+ /* Error set by checkedSignatureLen */ 259685ffcd1SArrigo Marchiori+ rv = SECFailure; 260685ffcd1SArrigo Marchiori break; 261685ffcd1SArrigo Marchiori } 262685ffcd1SArrigo Marchiori- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != 263685ffcd1SArrigo Marchiori- SECSuccess) { 264685ffcd1SArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) { 265685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 266685ffcd1SArrigo Marchiori+ rv = SECFailure; 267685ffcd1SArrigo Marchiori+ break; 268685ffcd1SArrigo Marchiori+ } 269685ffcd1SArrigo Marchiori+ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); 270685ffcd1SArrigo Marchiori+ if (rv != SECSuccess) { 271685ffcd1SArrigo Marchiori PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 272685ffcd1SArrigo Marchiori- } else { 273685ffcd1SArrigo Marchiori- rv = SECSuccess; 274685ffcd1SArrigo Marchiori } 275685ffcd1SArrigo Marchiori break; 276685ffcd1SArrigo Marchiori default: 277