1*4fd7cfbcSArrigo Marchioridiff -ur misc/nss-3.39/nss/lib/cryptohi/secvfy.c misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c 2*4fd7cfbcSArrigo Marchiori--- misc/nss-3.39/nss/lib/cryptohi/secvfy.c 2018-08-31 14:55:53.000000000 +0200 3*4fd7cfbcSArrigo Marchiori+++ misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c 2022-02-05 22:36:19.617132698 +0100 4*4fd7cfbcSArrigo Marchiori@@ -164,6 +164,37 @@ 5*4fd7cfbcSArrigo Marchiori PR_FALSE /*XXX: unsafeAllowMissingParameters*/); 6*4fd7cfbcSArrigo Marchiori } 7*4fd7cfbcSArrigo Marchiori 8*4fd7cfbcSArrigo Marchiori+static unsigned int 9*4fd7cfbcSArrigo Marchiori+checkedSignatureLen(const SECKEYPublicKey *pubk) 10*4fd7cfbcSArrigo Marchiori+{ 11*4fd7cfbcSArrigo Marchiori+ unsigned int sigLen = SECKEY_SignatureLen(pubk); 12*4fd7cfbcSArrigo Marchiori+ if (sigLen == 0) { 13*4fd7cfbcSArrigo Marchiori+ /* Error set by SECKEY_SignatureLen */ 14*4fd7cfbcSArrigo Marchiori+ return sigLen; 15*4fd7cfbcSArrigo Marchiori+ } 16*4fd7cfbcSArrigo Marchiori+ unsigned int maxSigLen; 17*4fd7cfbcSArrigo Marchiori+ switch (pubk->keyType) { 18*4fd7cfbcSArrigo Marchiori+ case rsaKey: 19*4fd7cfbcSArrigo Marchiori+ case rsaPssKey: 20*4fd7cfbcSArrigo Marchiori+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; 21*4fd7cfbcSArrigo Marchiori+ break; 22*4fd7cfbcSArrigo Marchiori+ case dsaKey: 23*4fd7cfbcSArrigo Marchiori+ maxSigLen = DSA_MAX_SIGNATURE_LEN; 24*4fd7cfbcSArrigo Marchiori+ break; 25*4fd7cfbcSArrigo Marchiori+ case ecKey: 26*4fd7cfbcSArrigo Marchiori+ maxSigLen = 2 * MAX_ECKEY_LEN; 27*4fd7cfbcSArrigo Marchiori+ break; 28*4fd7cfbcSArrigo Marchiori+ default: 29*4fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); 30*4fd7cfbcSArrigo Marchiori+ return 0; 31*4fd7cfbcSArrigo Marchiori+ } 32*4fd7cfbcSArrigo Marchiori+ if (sigLen > maxSigLen) { 33*4fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_INVALID_KEY); 34*4fd7cfbcSArrigo Marchiori+ return 0; 35*4fd7cfbcSArrigo Marchiori+ } 36*4fd7cfbcSArrigo Marchiori+ return sigLen; 37*4fd7cfbcSArrigo Marchiori+} 38*4fd7cfbcSArrigo Marchiori+ 39*4fd7cfbcSArrigo Marchiori /* 40*4fd7cfbcSArrigo Marchiori * decode the ECDSA or DSA signature from it's DER wrapping. 41*4fd7cfbcSArrigo Marchiori * The unwrapped/raw signature is placed in the buffer pointed 42*4fd7cfbcSArrigo Marchiori@@ -174,38 +205,38 @@ 43*4fd7cfbcSArrigo Marchiori unsigned int len) 44*4fd7cfbcSArrigo Marchiori { 45*4fd7cfbcSArrigo Marchiori SECItem *dsasig = NULL; /* also used for ECDSA */ 46*4fd7cfbcSArrigo Marchiori- SECStatus rv = SECSuccess; 47*4fd7cfbcSArrigo Marchiori 48*4fd7cfbcSArrigo Marchiori- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && 49*4fd7cfbcSArrigo Marchiori- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { 50*4fd7cfbcSArrigo Marchiori- if (sig->len != len) { 51*4fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 52*4fd7cfbcSArrigo Marchiori- return SECFailure; 53*4fd7cfbcSArrigo Marchiori+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ 54*4fd7cfbcSArrigo Marchiori+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { 55*4fd7cfbcSArrigo Marchiori+ if (len > DSA_MAX_SIGNATURE_LEN) { 56*4fd7cfbcSArrigo Marchiori+ goto loser; 57*4fd7cfbcSArrigo Marchiori } 58*4fd7cfbcSArrigo Marchiori- 59*4fd7cfbcSArrigo Marchiori- PORT_Memcpy(dsig, sig->data, sig->len); 60*4fd7cfbcSArrigo Marchiori- return SECSuccess; 61*4fd7cfbcSArrigo Marchiori- } 62*4fd7cfbcSArrigo Marchiori- 63*4fd7cfbcSArrigo Marchiori- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { 64*4fd7cfbcSArrigo Marchiori+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { 65*4fd7cfbcSArrigo Marchiori if (len > MAX_ECKEY_LEN * 2) { 66*4fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 67*4fd7cfbcSArrigo Marchiori- return SECFailure; 68*4fd7cfbcSArrigo Marchiori+ goto loser; 69*4fd7cfbcSArrigo Marchiori } 70*4fd7cfbcSArrigo Marchiori- } 71*4fd7cfbcSArrigo Marchiori- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); 72*4fd7cfbcSArrigo Marchiori- 73*4fd7cfbcSArrigo Marchiori- if ((dsasig == NULL) || (dsasig->len != len)) { 74*4fd7cfbcSArrigo Marchiori- rv = SECFailure; 75*4fd7cfbcSArrigo Marchiori } else { 76*4fd7cfbcSArrigo Marchiori- PORT_Memcpy(dsig, dsasig->data, dsasig->len); 77*4fd7cfbcSArrigo Marchiori+ goto loser; 78*4fd7cfbcSArrigo Marchiori } 79*4fd7cfbcSArrigo Marchiori 80*4fd7cfbcSArrigo Marchiori- if (dsasig != NULL) 81*4fd7cfbcSArrigo Marchiori+ /* Decode and pad to length */ 82*4fd7cfbcSArrigo Marchiori+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); 83*4fd7cfbcSArrigo Marchiori+ if (dsasig == NULL) { 84*4fd7cfbcSArrigo Marchiori+ goto loser; 85*4fd7cfbcSArrigo Marchiori+ } 86*4fd7cfbcSArrigo Marchiori+ if (dsasig->len != len) { 87*4fd7cfbcSArrigo Marchiori SECITEM_FreeItem(dsasig, PR_TRUE); 88*4fd7cfbcSArrigo Marchiori- if (rv == SECFailure) 89*4fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 90*4fd7cfbcSArrigo Marchiori- return rv; 91*4fd7cfbcSArrigo Marchiori+ goto loser; 92*4fd7cfbcSArrigo Marchiori+ } 93*4fd7cfbcSArrigo Marchiori+ 94*4fd7cfbcSArrigo Marchiori+ PORT_Memcpy(dsig, dsasig->data, len); 95*4fd7cfbcSArrigo Marchiori+ SECITEM_FreeItem(dsasig, PR_TRUE); 96*4fd7cfbcSArrigo Marchiori+ 97*4fd7cfbcSArrigo Marchiori+ return SECSuccess; 98*4fd7cfbcSArrigo Marchiori+ 99*4fd7cfbcSArrigo Marchiori+loser: 100*4fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_DER); 101*4fd7cfbcSArrigo Marchiori+ return SECFailure; 102*4fd7cfbcSArrigo Marchiori } 103*4fd7cfbcSArrigo Marchiori 104*4fd7cfbcSArrigo Marchiori const SEC_ASN1Template hashParameterTemplate[] = 105*4fd7cfbcSArrigo Marchiori@@ -231,7 +262,7 @@ 106*4fd7cfbcSArrigo Marchiori sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, 107*4fd7cfbcSArrigo Marchiori const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg) 108*4fd7cfbcSArrigo Marchiori { 109*4fd7cfbcSArrigo Marchiori- int len; 110*4fd7cfbcSArrigo Marchiori+ unsigned int len; 111*4fd7cfbcSArrigo Marchiori PLArenaPool *arena; 112*4fd7cfbcSArrigo Marchiori SECStatus rv; 113*4fd7cfbcSArrigo Marchiori SECItem oid; 114*4fd7cfbcSArrigo Marchiori@@ -458,48 +489,52 @@ 115*4fd7cfbcSArrigo Marchiori cx->pkcs1RSADigestInfo = NULL; 116*4fd7cfbcSArrigo Marchiori rv = SECSuccess; 117*4fd7cfbcSArrigo Marchiori if (sig) { 118*4fd7cfbcSArrigo Marchiori- switch (type) { 119*4fd7cfbcSArrigo Marchiori- case rsaKey: 120*4fd7cfbcSArrigo Marchiori- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, 121*4fd7cfbcSArrigo Marchiori- &cx->pkcs1RSADigestInfo, 122*4fd7cfbcSArrigo Marchiori- &cx->pkcs1RSADigestInfoLen, 123*4fd7cfbcSArrigo Marchiori- cx->key, 124*4fd7cfbcSArrigo Marchiori- sig, wincx); 125*4fd7cfbcSArrigo Marchiori- break; 126*4fd7cfbcSArrigo Marchiori- case rsaPssKey: 127*4fd7cfbcSArrigo Marchiori- sigLen = SECKEY_SignatureLen(key); 128*4fd7cfbcSArrigo Marchiori- if (sigLen == 0) { 129*4fd7cfbcSArrigo Marchiori- /* error set by SECKEY_SignatureLen */ 130*4fd7cfbcSArrigo Marchiori- rv = SECFailure; 131*4fd7cfbcSArrigo Marchiori+ rv = SECFailure; 132*4fd7cfbcSArrigo Marchiori+ if (type == rsaKey) { 133*4fd7cfbcSArrigo Marchiori+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, 134*4fd7cfbcSArrigo Marchiori+ &cx->pkcs1RSADigestInfo, 135*4fd7cfbcSArrigo Marchiori+ &cx->pkcs1RSADigestInfoLen, 136*4fd7cfbcSArrigo Marchiori+ cx->key, 137*4fd7cfbcSArrigo Marchiori+ sig, wincx); 138*4fd7cfbcSArrigo Marchiori+ } else { 139*4fd7cfbcSArrigo Marchiori+ sigLen = checkedSignatureLen(key); 140*4fd7cfbcSArrigo Marchiori+ /* Check signature length is within limits */ 141*4fd7cfbcSArrigo Marchiori+ if (sigLen == 0) { 142*4fd7cfbcSArrigo Marchiori+ /* error set by checkedSignatureLen */ 143*4fd7cfbcSArrigo Marchiori+ rv = SECFailure; 144*4fd7cfbcSArrigo Marchiori+ goto loser; 145*4fd7cfbcSArrigo Marchiori+ } 146*4fd7cfbcSArrigo Marchiori+ if (sigLen > sizeof(cx->u)) { 147*4fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 148*4fd7cfbcSArrigo Marchiori+ rv = SECFailure; 149*4fd7cfbcSArrigo Marchiori+ goto loser; 150*4fd7cfbcSArrigo Marchiori+ } 151*4fd7cfbcSArrigo Marchiori+ switch (type) { 152*4fd7cfbcSArrigo Marchiori+ case rsaPssKey: 153*4fd7cfbcSArrigo Marchiori+ if (sig->len != sigLen) { 154*4fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 155*4fd7cfbcSArrigo Marchiori+ rv = SECFailure; 156*4fd7cfbcSArrigo Marchiori+ goto loser; 157*4fd7cfbcSArrigo Marchiori+ } 158*4fd7cfbcSArrigo Marchiori+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); 159*4fd7cfbcSArrigo Marchiori+ rv = SECSuccess; 160*4fd7cfbcSArrigo Marchiori break; 161*4fd7cfbcSArrigo Marchiori- } 162*4fd7cfbcSArrigo Marchiori- if (sig->len != sigLen) { 163*4fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 164*4fd7cfbcSArrigo Marchiori- rv = SECFailure; 165*4fd7cfbcSArrigo Marchiori+ case ecKey: 166*4fd7cfbcSArrigo Marchiori+ case dsaKey: 167*4fd7cfbcSArrigo Marchiori+ /* decodeECorDSASignature will check sigLen == sig->len after padding */ 168*4fd7cfbcSArrigo Marchiori+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); 169*4fd7cfbcSArrigo Marchiori break; 170*4fd7cfbcSArrigo Marchiori- } 171*4fd7cfbcSArrigo Marchiori- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); 172*4fd7cfbcSArrigo Marchiori- break; 173*4fd7cfbcSArrigo Marchiori- case dsaKey: 174*4fd7cfbcSArrigo Marchiori- case ecKey: 175*4fd7cfbcSArrigo Marchiori- sigLen = SECKEY_SignatureLen(key); 176*4fd7cfbcSArrigo Marchiori- if (sigLen == 0) { 177*4fd7cfbcSArrigo Marchiori- /* error set by SECKEY_SignatureLen */ 178*4fd7cfbcSArrigo Marchiori+ default: 179*4fd7cfbcSArrigo Marchiori+ /* Unreachable */ 180*4fd7cfbcSArrigo Marchiori rv = SECFailure; 181*4fd7cfbcSArrigo Marchiori- break; 182*4fd7cfbcSArrigo Marchiori- } 183*4fd7cfbcSArrigo Marchiori- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); 184*4fd7cfbcSArrigo Marchiori- break; 185*4fd7cfbcSArrigo Marchiori- default: 186*4fd7cfbcSArrigo Marchiori- rv = SECFailure; 187*4fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); 188*4fd7cfbcSArrigo Marchiori- break; 189*4fd7cfbcSArrigo Marchiori+ goto loser; 190*4fd7cfbcSArrigo Marchiori+ } 191*4fd7cfbcSArrigo Marchiori+ } 192*4fd7cfbcSArrigo Marchiori+ if (rv != SECSuccess) { 193*4fd7cfbcSArrigo Marchiori+ goto loser; 194*4fd7cfbcSArrigo Marchiori } 195*4fd7cfbcSArrigo Marchiori } 196*4fd7cfbcSArrigo Marchiori 197*4fd7cfbcSArrigo Marchiori- if (rv) 198*4fd7cfbcSArrigo Marchiori- goto loser; 199*4fd7cfbcSArrigo Marchiori- 200*4fd7cfbcSArrigo Marchiori /* check hash alg again, RSA may have changed it.*/ 201*4fd7cfbcSArrigo Marchiori if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { 202*4fd7cfbcSArrigo Marchiori /* error set by HASH_GetHashTypeByOidTag */ 203*4fd7cfbcSArrigo Marchiori@@ -634,11 +669,16 @@ 204*4fd7cfbcSArrigo Marchiori switch (cx->key->keyType) { 205*4fd7cfbcSArrigo Marchiori case ecKey: 206*4fd7cfbcSArrigo Marchiori case dsaKey: 207*4fd7cfbcSArrigo Marchiori- dsasig.data = cx->u.buffer; 208*4fd7cfbcSArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key); 209*4fd7cfbcSArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key); 210*4fd7cfbcSArrigo Marchiori if (dsasig.len == 0) { 211*4fd7cfbcSArrigo Marchiori return SECFailure; 212*4fd7cfbcSArrigo Marchiori } 213*4fd7cfbcSArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) { 214*4fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 215*4fd7cfbcSArrigo Marchiori+ return SECFailure; 216*4fd7cfbcSArrigo Marchiori+ } 217*4fd7cfbcSArrigo Marchiori+ dsasig.data = cx->u.buffer; 218*4fd7cfbcSArrigo Marchiori+ 219*4fd7cfbcSArrigo Marchiori if (sig) { 220*4fd7cfbcSArrigo Marchiori rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, 221*4fd7cfbcSArrigo Marchiori dsasig.len); 222*4fd7cfbcSArrigo Marchiori@@ -680,8 +720,13 @@ 223*4fd7cfbcSArrigo Marchiori return SECFailure; 224*4fd7cfbcSArrigo Marchiori } 225*4fd7cfbcSArrigo Marchiori rsasig.data = cx->u.buffer; 226*4fd7cfbcSArrigo Marchiori- rsasig.len = SECKEY_SignatureLen(cx->key); 227*4fd7cfbcSArrigo Marchiori+ rsasig.len = checkedSignatureLen(cx->key); 228*4fd7cfbcSArrigo Marchiori if (rsasig.len == 0) { 229*4fd7cfbcSArrigo Marchiori+ /* Error set by checkedSignatureLen */ 230*4fd7cfbcSArrigo Marchiori+ return SECFailure; 231*4fd7cfbcSArrigo Marchiori+ } 232*4fd7cfbcSArrigo Marchiori+ if (rsasig.len > sizeof(cx->u)) { 233*4fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 234*4fd7cfbcSArrigo Marchiori return SECFailure; 235*4fd7cfbcSArrigo Marchiori } 236*4fd7cfbcSArrigo Marchiori if (sig) { 237*4fd7cfbcSArrigo Marchiori@@ -743,7 +788,6 @@ 238*4fd7cfbcSArrigo Marchiori SECStatus rv; 239*4fd7cfbcSArrigo Marchiori VFYContext *cx; 240*4fd7cfbcSArrigo Marchiori SECItem dsasig; /* also used for ECDSA */ 241*4fd7cfbcSArrigo Marchiori- 242*4fd7cfbcSArrigo Marchiori rv = SECFailure; 243*4fd7cfbcSArrigo Marchiori 244*4fd7cfbcSArrigo Marchiori cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); 245*4fd7cfbcSArrigo Marchiori@@ -751,19 +795,25 @@ 246*4fd7cfbcSArrigo Marchiori switch (key->keyType) { 247*4fd7cfbcSArrigo Marchiori case rsaKey: 248*4fd7cfbcSArrigo Marchiori rv = verifyPKCS1DigestInfo(cx, digest); 249*4fd7cfbcSArrigo Marchiori+ /* Error (if any) set by verifyPKCS1DigestInfo */ 250*4fd7cfbcSArrigo Marchiori break; 251*4fd7cfbcSArrigo Marchiori- case dsaKey: 252*4fd7cfbcSArrigo Marchiori case ecKey: 253*4fd7cfbcSArrigo Marchiori+ case dsaKey: 254*4fd7cfbcSArrigo Marchiori dsasig.data = cx->u.buffer; 255*4fd7cfbcSArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key); 256*4fd7cfbcSArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key); 257*4fd7cfbcSArrigo Marchiori if (dsasig.len == 0) { 258*4fd7cfbcSArrigo Marchiori+ /* Error set by checkedSignatureLen */ 259*4fd7cfbcSArrigo Marchiori+ rv = SECFailure; 260*4fd7cfbcSArrigo Marchiori break; 261*4fd7cfbcSArrigo Marchiori } 262*4fd7cfbcSArrigo Marchiori- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != 263*4fd7cfbcSArrigo Marchiori- SECSuccess) { 264*4fd7cfbcSArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) { 265*4fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 266*4fd7cfbcSArrigo Marchiori+ rv = SECFailure; 267*4fd7cfbcSArrigo Marchiori+ break; 268*4fd7cfbcSArrigo Marchiori+ } 269*4fd7cfbcSArrigo Marchiori+ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); 270*4fd7cfbcSArrigo Marchiori+ if (rv != SECSuccess) { 271*4fd7cfbcSArrigo Marchiori PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 272*4fd7cfbcSArrigo Marchiori- } else { 273*4fd7cfbcSArrigo Marchiori- rv = SECSuccess; 274*4fd7cfbcSArrigo Marchiori } 275*4fd7cfbcSArrigo Marchiori break; 276*4fd7cfbcSArrigo Marchiori default: 277