1568c901eSArrigo Marchioridiff -ur misc/nss-3.39/nss/lib/cryptohi/secvfy.c misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c
2568c901eSArrigo Marchiori--- misc/nss-3.39/nss/lib/cryptohi/secvfy.c 2018-08-31 14:55:53.000000000 +0200
3568c901eSArrigo Marchiori+++ misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c 2022-02-05 22:36:19.617132698 +0100
4568c901eSArrigo Marchiori@@ -164,6 +164,37 @@
5568c901eSArrigo Marchiori PR_FALSE /*XXX: unsafeAllowMissingParameters*/);
6568c901eSArrigo Marchiori }
7568c901eSArrigo Marchiori
8568c901eSArrigo Marchiori+static unsigned int
9568c901eSArrigo Marchiori+checkedSignatureLen(const SECKEYPublicKey *pubk)
10568c901eSArrigo Marchiori+{
11568c901eSArrigo Marchiori+ unsigned int sigLen = SECKEY_SignatureLen(pubk);
12*60e0a1c1SArrigo Marchiori+ unsigned int maxSigLen;
13568c901eSArrigo Marchiori+ if (sigLen == 0) {
14568c901eSArrigo Marchiori+ /* Error set by SECKEY_SignatureLen */
15568c901eSArrigo Marchiori+ return sigLen;
16568c901eSArrigo Marchiori+ }
17568c901eSArrigo Marchiori+ switch (pubk->keyType) {
18568c901eSArrigo Marchiori+ case rsaKey:
19568c901eSArrigo Marchiori+ case rsaPssKey:
20568c901eSArrigo Marchiori+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
21568c901eSArrigo Marchiori+ break;
22568c901eSArrigo Marchiori+ case dsaKey:
23568c901eSArrigo Marchiori+ maxSigLen = DSA_MAX_SIGNATURE_LEN;
24568c901eSArrigo Marchiori+ break;
25568c901eSArrigo Marchiori+ case ecKey:
26568c901eSArrigo Marchiori+ maxSigLen = 2 * MAX_ECKEY_LEN;
27568c901eSArrigo Marchiori+ break;
28568c901eSArrigo Marchiori+ default:
29568c901eSArrigo Marchiori+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
30568c901eSArrigo Marchiori+ return 0;
31568c901eSArrigo Marchiori+ }
32568c901eSArrigo Marchiori+ if (sigLen > maxSigLen) {
33568c901eSArrigo Marchiori+ PORT_SetError(SEC_ERROR_INVALID_KEY);
34568c901eSArrigo Marchiori+ return 0;
35568c901eSArrigo Marchiori+ }
36568c901eSArrigo Marchiori+ return sigLen;
37568c901eSArrigo Marchiori+}
38568c901eSArrigo Marchiori+
39568c901eSArrigo Marchiori /*
40568c901eSArrigo Marchiori * decode the ECDSA or DSA signature from it's DER wrapping.
41568c901eSArrigo Marchiori * The unwrapped/raw signature is placed in the buffer pointed
42568c901eSArrigo Marchiori@@ -174,38 +205,38 @@
43568c901eSArrigo Marchiori unsigned int len)
44568c901eSArrigo Marchiori {
45568c901eSArrigo Marchiori SECItem *dsasig = NULL; /* also used for ECDSA */
46568c901eSArrigo Marchiori- SECStatus rv = SECSuccess;
47568c901eSArrigo Marchiori
48568c901eSArrigo Marchiori- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
49568c901eSArrigo Marchiori- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
50568c901eSArrigo Marchiori- if (sig->len != len) {
51568c901eSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER);
52568c901eSArrigo Marchiori- return SECFailure;
53568c901eSArrigo Marchiori+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
54568c901eSArrigo Marchiori+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
55568c901eSArrigo Marchiori+ if (len > DSA_MAX_SIGNATURE_LEN) {
56568c901eSArrigo Marchiori+ goto loser;
57568c901eSArrigo Marchiori }
58568c901eSArrigo Marchiori-
59568c901eSArrigo Marchiori- PORT_Memcpy(dsig, sig->data, sig->len);
60568c901eSArrigo Marchiori- return SECSuccess;
61568c901eSArrigo Marchiori- }
62568c901eSArrigo Marchiori-
63568c901eSArrigo Marchiori- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
64568c901eSArrigo Marchiori+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
65568c901eSArrigo Marchiori if (len > MAX_ECKEY_LEN * 2) {
66568c901eSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER);
67568c901eSArrigo Marchiori- return SECFailure;
68568c901eSArrigo Marchiori+ goto loser;
69568c901eSArrigo Marchiori }
70568c901eSArrigo Marchiori- }
71568c901eSArrigo Marchiori- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
72568c901eSArrigo Marchiori-
73568c901eSArrigo Marchiori- if ((dsasig == NULL) || (dsasig->len != len)) {
74568c901eSArrigo Marchiori- rv = 
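Review bot: checkedSignatureLen is added without a header comment, although every verification path in this patch now depends on its contract. It returns 0 in three cases (SECKEY_SignatureLen failed, key type not in the switch, key-derived length above the per-algorithm maximum) and sets a different error code in each, which a caller cannot learn from the name. I would add above the definition `/* Returns the signature length for pubk, or 0 with the error code set if the length cannot be determined, the key type is unsupported, or the length exceeds the maximum for that key type. */`. The hunk does not show how the three maxima relate to the size of the destination buffer, so the comment should also say that callers must still bound the result against their own buffer.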
SECFailure;
75568c901eSArrigo Marchiori } else {
76568c901eSArrigo Marchiori- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
77568c901eSArrigo Marchiori+ goto loser;
78568c901eSArrigo Marchiori }
79568c901eSArrigo Marchiori
80568c901eSArrigo Marchiori- if (dsasig != NULL)
81568c901eSArrigo Marchiori+ /* Decode and pad to length */
82568c901eSArrigo Marchiori+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
83568c901eSArrigo Marchiori+ if (dsasig == NULL) {
84568c901eSArrigo Marchiori+ goto loser;
85568c901eSArrigo Marchiori+ }
86568c901eSArrigo Marchiori+ if (dsasig->len != len) {
87568c901eSArrigo Marchiori SECITEM_FreeItem(dsasig, PR_TRUE);
88568c901eSArrigo Marchiori- if (rv == SECFailure)
89568c901eSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER);
90568c901eSArrigo Marchiori- return rv;
91568c901eSArrigo Marchiori+ goto loser;
92568c901eSArrigo Marchiori+ }
93568c901eSArrigo Marchiori+
94568c901eSArrigo Marchiori+ PORT_Memcpy(dsig, dsasig->data, len);
95568c901eSArrigo Marchiori+ SECITEM_FreeItem(dsasig, PR_TRUE);
96568c901eSArrigo Marchiori+
97568c901eSArrigo Marchiori+ return SECSuccess;
98568c901eSArrigo Marchiori+
99568c901eSArrigo Marchiori+loser:
100568c901eSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_DER);
101568c901eSArrigo Marchiori+ return SECFailure;
102568c901eSArrigo Marchiori }
103568c901eSArrigo Marchiori
104568c901eSArrigo Marchiori const SEC_ASN1Template hashParameterTemplate[] =
105568c901eSArrigo Marchiori@@ -231,7 +262,7 @@
106568c901eSArrigo Marchiori sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
107568c901eSArrigo Marchiori const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg)
108568c901eSArrigo Marchiori {
109568c901eSArrigo Marchiori- int len;
110568c901eSArrigo Marchiori+ unsigned int len;
111568c901eSArrigo Marchiori PLArenaPool *arena;
112568c901eSArrigo Marchiori SECStatus rv;
113568c901eSArrigo Marchiori SECItem oid;
114568c901eSArrigo Marchiori@@ -458,48 +489,52 @@
115568c901eSArrigo Marchiori 
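Review bot: decodeECorDSASignature copies `len` bytes into `dsig` at the new `PORT_Memcpy(dsig, dsasig->data, len);`, but the capacity of `dsig` is not a parameter, and the new guards compare `len` only against DSA_MAX_SIGNATURE_LEN and MAX_ECKEY_LEN * 2. The function is therefore safe only if the caller has already bounded `len` by the real buffer size, which deserves a line in the header comment, e.g. `* The caller must guarantee that dsig points to at least len bytes.`. The final `else { goto loser; }` also reports an unexpected algid as SEC_ERROR_BAD_DER, where the old code copied the raw signature; a short comment there saying that other algorithms are now rejected on purpose would help. The function's signature and header comment begin outside this hunk.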
cx->pkcs1RSADigestInfo = NULL;
116568c901eSArrigo Marchiori rv = SECSuccess;
117568c901eSArrigo Marchiori if (sig) {
118568c901eSArrigo Marchiori- switch (type) {
119568c901eSArrigo Marchiori- case rsaKey:
120568c901eSArrigo Marchiori- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
121568c901eSArrigo Marchiori- &cx->pkcs1RSADigestInfo,
122568c901eSArrigo Marchiori- &cx->pkcs1RSADigestInfoLen,
123568c901eSArrigo Marchiori- cx->key,
124568c901eSArrigo Marchiori- sig, wincx);
125568c901eSArrigo Marchiori- break;
126568c901eSArrigo Marchiori- case rsaPssKey:
127568c901eSArrigo Marchiori- sigLen = SECKEY_SignatureLen(key);
128568c901eSArrigo Marchiori- if (sigLen == 0) {
129568c901eSArrigo Marchiori- /* error set by SECKEY_SignatureLen */
130568c901eSArrigo Marchiori- rv = SECFailure;
131568c901eSArrigo Marchiori+ rv = SECFailure;
132568c901eSArrigo Marchiori+ if (type == rsaKey) {
133568c901eSArrigo Marchiori+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
134568c901eSArrigo Marchiori+ &cx->pkcs1RSADigestInfo,
135568c901eSArrigo Marchiori+ &cx->pkcs1RSADigestInfoLen,
136568c901eSArrigo Marchiori+ cx->key,
137568c901eSArrigo Marchiori+ sig, wincx);
138568c901eSArrigo Marchiori+ } else {
139568c901eSArrigo Marchiori+ sigLen = checkedSignatureLen(key);
140568c901eSArrigo Marchiori+ /* Check signature length is within limits */
141568c901eSArrigo Marchiori+ if (sigLen == 0) {
142568c901eSArrigo Marchiori+ /* error set by checkedSignatureLen */
143568c901eSArrigo Marchiori+ rv = SECFailure;
144568c901eSArrigo Marchiori+ goto loser;
145568c901eSArrigo Marchiori+ }
146568c901eSArrigo Marchiori+ if (sigLen > sizeof(cx->u)) {
147568c901eSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
148568c901eSArrigo Marchiori+ rv = SECFailure;
149568c901eSArrigo Marchiori+ goto loser;
150568c901eSArrigo Marchiori+ }
151568c901eSArrigo Marchiori+ switch (type) {
152568c901eSArrigo Marchiori+ case rsaPssKey:
153568c901eSArrigo Marchiori+ if (sig->len != sigLen) {
154568c901eSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
155568c901eSArrigo Marchiori+ rv = SECFailure;
156568c901eSArrigo Marchiori+ goto loser;
157568c901eSArrigo Marchiori+ }
158568c901eSArrigo Marchiori+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
159568c901eSArrigo Marchiori+ rv = SECSuccess;
160568c901eSArrigo Marchiori break;
161568c901eSArrigo Marchiori- }
162568c901eSArrigo Marchiori- if (sig->len != sigLen) {
163568c901eSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
164568c901eSArrigo Marchiori- rv = SECFailure;
165568c901eSArrigo Marchiori+ case ecKey:
166568c901eSArrigo Marchiori+ case dsaKey:
167568c901eSArrigo Marchiori+ /* decodeECorDSASignature will check sigLen == sig->len after padding */
168568c901eSArrigo Marchiori+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
169568c901eSArrigo Marchiori break;
170568c901eSArrigo Marchiori- }
171568c901eSArrigo Marchiori- PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
172568c901eSArrigo Marchiori- break;
173568c901eSArrigo Marchiori- case dsaKey:
174568c901eSArrigo Marchiori- case ecKey:
175568c901eSArrigo Marchiori- sigLen = SECKEY_SignatureLen(key);
176568c901eSArrigo Marchiori- if (sigLen == 0) {
177568c901eSArrigo Marchiori- /* error set by SECKEY_SignatureLen */
178568c901eSArrigo Marchiori+ default:
179568c901eSArrigo Marchiori+ /* Unreachable */
180568c901eSArrigo Marchiori rv = SECFailure;
181568c901eSArrigo Marchiori- break;
182568c901eSArrigo Marchiori- }
183568c901eSArrigo Marchiori- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
184568c901eSArrigo Marchiori- break;
185568c901eSArrigo Marchiori- default:
186568c901eSArrigo Marchiori- rv = SECFailure;
187568c901eSArrigo Marchiori- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
188568c901eSArrigo Marchiori- break;
189568c901eSArrigo Marchiori+ goto loser;
190568c901eSArrigo Marchiori+ }
191568c901eSArrigo Marchiori+ }
192568c901eSArrigo Marchiori+ if (rv != SECSuccess) {
193568c901eSArrigo 
Marchiori+ goto loser;
194568c901eSArrigo Marchiori }
195568c901eSArrigo Marchiori }
196568c901eSArrigo Marchiori
197568c901eSArrigo Marchiori- if (rv)
198568c901eSArrigo Marchiori- goto loser;
199568c901eSArrigo Marchiori-
200568c901eSArrigo Marchiori /* check hash alg again, RSA may have changed it.*/
201568c901eSArrigo Marchiori if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
202568c901eSArrigo Marchiori /* error set by HASH_GetHashTypeByOidTag */
203568c901eSArrigo Marchiori@@ -634,11 +669,16 @@
204568c901eSArrigo Marchiori switch (cx->key->keyType) {
205568c901eSArrigo Marchiori case ecKey:
206568c901eSArrigo Marchiori case dsaKey:
207568c901eSArrigo Marchiori- dsasig.data = cx->u.buffer;
208568c901eSArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key);
209568c901eSArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key);
210568c901eSArrigo Marchiori if (dsasig.len == 0) {
211568c901eSArrigo Marchiori return SECFailure;
212568c901eSArrigo Marchiori }
213568c901eSArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) {
214568c901eSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
215568c901eSArrigo Marchiori+ return SECFailure;
216568c901eSArrigo Marchiori+ }
217568c901eSArrigo Marchiori+ dsasig.data = cx->u.buffer;
218568c901eSArrigo Marchiori+
219568c901eSArrigo Marchiori if (sig) {
220568c901eSArrigo Marchiori rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
221568c901eSArrigo Marchiori dsasig.len);
222568c901eSArrigo Marchiori@@ -680,8 +720,13 @@
223568c901eSArrigo Marchiori return SECFailure;
224568c901eSArrigo Marchiori }
225568c901eSArrigo Marchiori rsasig.data = cx->u.buffer;
226568c901eSArrigo Marchiori- rsasig.len = SECKEY_SignatureLen(cx->key);
227568c901eSArrigo Marchiori+ rsasig.len = checkedSignatureLen(cx->key);
228568c901eSArrigo Marchiori if (rsasig.len == 0) {
229568c901eSArrigo Marchiori+ /* Error set by checkedSignatureLen */
230568c901eSArrigo Marchiori+ return SECFailure;
231568c901eSArrigo Marchiori+ }
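Review bot: The new `default:` branch of the inner `switch (type)` is commented `/* Unreachable */` and jumps to `loser` without calling PORT_SetError, whereas the removed default set SEC_ERROR_UNSUPPORTED_KEYALG. checkedSignatureLen filters on `key->keyType` while this switch tests `type`, and the hunk does not show that the two are always equal, so the branch may be reachable and would then fail with a stale or missing error code. Keeping `PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);` before `rv = SECFailure;` costs one line and preserves the old diagnostics. The enclosing function starts and ends outside this hunk.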
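Review bot: The pair "call checkedSignatureLen, then compare the result with `sizeof(cx->u)`" is written out here and again in the hunks at -458, -680 and -751, so the bound that protects `cx->u.buffer` lives in four places. A verification path added later that calls checkedSignatureLen alone would compile and pass the per-algorithm check while skipping the buffer check. I would fold the comparison into a small wrapper that takes the context, or at least add above each site `/* cx->u.buffer aliases the whole union, so sizeof(cx->u) is the capacity */`, so that the choice of `sizeof(cx->u)` over `sizeof(cx->u.buffer)` is not "corrected" by a later edit. That aliasing is inferred from the checks themselves; the union's declaration is not part of this diff and should be confirmed.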
232568c901eSArrigo Marchiori+ if (rsasig.len > sizeof(cx->u)) {
233568c901eSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
234568c901eSArrigo Marchiori return SECFailure;
235568c901eSArrigo Marchiori }
236568c901eSArrigo Marchiori if (sig) {
237568c901eSArrigo Marchiori@@ -743,7 +788,6 @@
238568c901eSArrigo Marchiori SECStatus rv;
239568c901eSArrigo Marchiori VFYContext *cx;
240568c901eSArrigo Marchiori SECItem dsasig; /* also used for ECDSA */
241568c901eSArrigo Marchiori-
242568c901eSArrigo Marchiori rv = SECFailure;
243568c901eSArrigo Marchiori
244568c901eSArrigo Marchiori cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
245568c901eSArrigo Marchiori@@ -751,19 +795,25 @@
246568c901eSArrigo Marchiori switch (key->keyType) {
247568c901eSArrigo Marchiori case rsaKey:
248568c901eSArrigo Marchiori rv = verifyPKCS1DigestInfo(cx, digest);
249568c901eSArrigo Marchiori+ /* Error (if any) set by verifyPKCS1DigestInfo */
250568c901eSArrigo Marchiori break;
251568c901eSArrigo Marchiori- case dsaKey:
252568c901eSArrigo Marchiori case ecKey:
253568c901eSArrigo Marchiori+ case dsaKey:
254568c901eSArrigo Marchiori dsasig.data = cx->u.buffer;
255568c901eSArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key);
256568c901eSArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key);
257568c901eSArrigo Marchiori if (dsasig.len == 0) {
258568c901eSArrigo Marchiori+ /* Error set by checkedSignatureLen */
259568c901eSArrigo Marchiori+ rv = SECFailure;
260568c901eSArrigo Marchiori break;
261568c901eSArrigo Marchiori }
262568c901eSArrigo Marchiori- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
263568c901eSArrigo Marchiori- SECSuccess) {
264568c901eSArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) {
265568c901eSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
266568c901eSArrigo Marchiori+ rv = SECFailure;
267568c901eSArrigo Marchiori+ break;
268568c901eSArrigo Marchiori+ }
269568c901eSArrigo Marchiori+ rv = PK11_Verify(cx->key, 
&dsasig, (SECItem *)digest, cx->wincx);
270568c901eSArrigo Marchiori+ if (rv != SECSuccess) {
271568c901eSArrigo Marchiori PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
272568c901eSArrigo Marchiori- } else {
273568c901eSArrigo Marchiori- rv = SECSuccess;
274568c901eSArrigo Marchiori }
275568c901eSArrigo Marchiori break;
276568c901eSArrigo Marchiori default:
277