14fd7cfbcSArrigo Marchioridiff -ur misc/nss-3.39/nss/lib/cryptohi/secvfy.c misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c
24fd7cfbcSArrigo Marchiori--- misc/nss-3.39/nss/lib/cryptohi/secvfy.c 2018-08-31 14:55:53.000000000 +0200
34fd7cfbcSArrigo Marchiori+++ misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c 2022-02-05 22:36:19.617132698 +0100
44fd7cfbcSArrigo Marchiori@@ -164,6 +164,37 @@
54fd7cfbcSArrigo Marchiori PR_FALSE /*XXX: unsafeAllowMissingParameters*/);
64fd7cfbcSArrigo Marchiori }
74fd7cfbcSArrigo Marchiori
84fd7cfbcSArrigo Marchiori+static unsigned int
94fd7cfbcSArrigo Marchiori+checkedSignatureLen(const SECKEYPublicKey *pubk)
104fd7cfbcSArrigo Marchiori+{
114fd7cfbcSArrigo Marchiori+ unsigned int sigLen = SECKEY_SignatureLen(pubk);
12*bea0c630SArrigo Marchiori+ unsigned int maxSigLen;
134fd7cfbcSArrigo Marchiori+ if (sigLen == 0) {
144fd7cfbcSArrigo Marchiori+ /* Error set by SECKEY_SignatureLen */
154fd7cfbcSArrigo Marchiori+ return sigLen;
164fd7cfbcSArrigo Marchiori+ }
174fd7cfbcSArrigo Marchiori+ switch (pubk->keyType) {
184fd7cfbcSArrigo Marchiori+ case rsaKey:
194fd7cfbcSArrigo Marchiori+ case rsaPssKey:
204fd7cfbcSArrigo Marchiori+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
214fd7cfbcSArrigo Marchiori+ break;
224fd7cfbcSArrigo Marchiori+ case dsaKey:
234fd7cfbcSArrigo Marchiori+ maxSigLen = DSA_MAX_SIGNATURE_LEN;
244fd7cfbcSArrigo Marchiori+ break;
254fd7cfbcSArrigo Marchiori+ case ecKey:
264fd7cfbcSArrigo Marchiori+ maxSigLen = 2 * MAX_ECKEY_LEN;
274fd7cfbcSArrigo Marchiori+ break;
284fd7cfbcSArrigo Marchiori+ default:
294fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
304fd7cfbcSArrigo Marchiori+ return 0;
314fd7cfbcSArrigo Marchiori+ }
324fd7cfbcSArrigo Marchiori+ if (sigLen > maxSigLen) {
334fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_INVALID_KEY);
344fd7cfbcSArrigo Marchiori+ return 0;
354fd7cfbcSArrigo Marchiori+ }
364fd7cfbcSArrigo Marchiori+ return sigLen;
374fd7cfbcSArrigo Marchiori+}
384fd7cfbcSArrigo Marchiori+
394fd7cfbcSArrigo Marchiori /*
404fd7cfbcSArrigo Marchiori * decode the ECDSA or DSA signature from it's DER wrapping.
414fd7cfbcSArrigo Marchiori * The unwrapped/raw signature is placed in the buffer pointed
424fd7cfbcSArrigo Marchiori@@ -174,38 +205,38 @@
434fd7cfbcSArrigo Marchiori unsigned int len)
444fd7cfbcSArrigo Marchiori {
454fd7cfbcSArrigo Marchiori SECItem *dsasig = NULL; /* also used for ECDSA */
464fd7cfbcSArrigo Marchiori- SECStatus rv = SECSuccess;
474fd7cfbcSArrigo Marchiori
484fd7cfbcSArrigo Marchiori- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
494fd7cfbcSArrigo Marchiori- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
504fd7cfbcSArrigo Marchiori- if (sig->len != len) {
514fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER);
524fd7cfbcSArrigo Marchiori- return SECFailure;
534fd7cfbcSArrigo Marchiori+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
544fd7cfbcSArrigo Marchiori+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
554fd7cfbcSArrigo Marchiori+ if (len > DSA_MAX_SIGNATURE_LEN) {
564fd7cfbcSArrigo Marchiori+ goto loser;
574fd7cfbcSArrigo Marchiori }
584fd7cfbcSArrigo Marchiori-
594fd7cfbcSArrigo Marchiori- PORT_Memcpy(dsig, sig->data, sig->len);
604fd7cfbcSArrigo Marchiori- return SECSuccess;
614fd7cfbcSArrigo Marchiori- }
624fd7cfbcSArrigo Marchiori-
634fd7cfbcSArrigo Marchiori- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
644fd7cfbcSArrigo Marchiori+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
654fd7cfbcSArrigo Marchiori if (len > MAX_ECKEY_LEN * 2) {
664fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER);
674fd7cfbcSArrigo Marchiori- return SECFailure;
684fd7cfbcSArrigo Marchiori+ goto loser;
694fd7cfbcSArrigo Marchiori }
704fd7cfbcSArrigo Marchiori- }
714fd7cfbcSArrigo Marchiori- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
724fd7cfbcSArrigo Marchiori-
734fd7cfbcSArrigo Marchiori- if ((dsasig == NULL) || (dsasig->len != len)) {
744fd7cfbcSArrigo Marchiori- rv =
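Review bot: checkedSignatureLen has no header comment, and its contract is narrower than the name suggests: it bounds the length by the per-algorithm maximum only, not by the destination buffer, which is why the callers in the later hunks (at -458, -634, -680 and -751) each repeat `if (len > sizeof(cx->u))`. I would add above the function `/* Returns the signature length for pubk, or 0 with the error code set when SECKEY_SignatureLen fails, the key type is unsupported, or the length exceeds the maximum for that key type. Callers must still bound the result by the size of their own buffer. */`. Passing the buffer size as a second argument and doing the comparison inside the helper would remove the four copies and the chance that a future caller forgets one.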
SECFailure;
754fd7cfbcSArrigo Marchiori } else {
764fd7cfbcSArrigo Marchiori- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
774fd7cfbcSArrigo Marchiori+ goto loser;
784fd7cfbcSArrigo Marchiori }
794fd7cfbcSArrigo Marchiori
804fd7cfbcSArrigo Marchiori- if (dsasig != NULL)
814fd7cfbcSArrigo Marchiori+ /* Decode and pad to length */
824fd7cfbcSArrigo Marchiori+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
834fd7cfbcSArrigo Marchiori+ if (dsasig == NULL) {
844fd7cfbcSArrigo Marchiori+ goto loser;
854fd7cfbcSArrigo Marchiori+ }
864fd7cfbcSArrigo Marchiori+ if (dsasig->len != len) {
874fd7cfbcSArrigo Marchiori SECITEM_FreeItem(dsasig, PR_TRUE);
884fd7cfbcSArrigo Marchiori- if (rv == SECFailure)
894fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER);
904fd7cfbcSArrigo Marchiori- return rv;
914fd7cfbcSArrigo Marchiori+ goto loser;
924fd7cfbcSArrigo Marchiori+ }
934fd7cfbcSArrigo Marchiori+
944fd7cfbcSArrigo Marchiori+ PORT_Memcpy(dsig, dsasig->data, len);
954fd7cfbcSArrigo Marchiori+ SECITEM_FreeItem(dsasig, PR_TRUE);
964fd7cfbcSArrigo Marchiori+
974fd7cfbcSArrigo Marchiori+ return SECSuccess;
984fd7cfbcSArrigo Marchiori+
994fd7cfbcSArrigo Marchiori+loser:
1004fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_DER);
1014fd7cfbcSArrigo Marchiori+ return SECFailure;
1024fd7cfbcSArrigo Marchiori }
1034fd7cfbcSArrigo Marchiori
1044fd7cfbcSArrigo Marchiori const SEC_ASN1Template hashParameterTemplate[] =
1054fd7cfbcSArrigo Marchiori@@ -231,7 +262,7 @@
1064fd7cfbcSArrigo Marchiori sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
1074fd7cfbcSArrigo Marchiori const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg)
1084fd7cfbcSArrigo Marchiori {
1094fd7cfbcSArrigo Marchiori- int len;
1104fd7cfbcSArrigo Marchiori+ unsigned int len;
1114fd7cfbcSArrigo Marchiori PLArenaPool *arena;
1124fd7cfbcSArrigo Marchiori SECStatus rv;
1134fd7cfbcSArrigo Marchiori SECItem oid;
1144fd7cfbcSArrigo Marchiori@@ -458,48 +489,52 @@
1154fd7cfbcSArrigo Marchiori
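Review bot: `PORT_Memcpy(dsig, dsasig->data, len)` writes len bytes into a buffer whose capacity this function never sees, so the bounds added here (`DSA_MAX_SIGNATURE_LEN`, `MAX_ECKEY_LEN * 2`) protect dsig only if every caller has already limited len to the size of that buffer. The callers visible in this patch do so with `sizeof(cx->u)`, but the precondition should be written down; the header comment, which begins before this hunk, could gain the line `* The caller must guarantee that dsig holds at least len bytes.`. An unexpected algid now also ends at `loser` and is reported as SEC_ERROR_BAD_DER, which describes a decoding fault rather than a wrong algorithm, so a separate error for that branch would make failures easier to triage. The function's signature lies outside the hunk.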
cx->pkcs1RSADigestInfo = NULL;
1164fd7cfbcSArrigo Marchiori rv = SECSuccess;
1174fd7cfbcSArrigo Marchiori if (sig) {
1184fd7cfbcSArrigo Marchiori- switch (type) {
1194fd7cfbcSArrigo Marchiori- case rsaKey:
1204fd7cfbcSArrigo Marchiori- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
1214fd7cfbcSArrigo Marchiori- &cx->pkcs1RSADigestInfo,
1224fd7cfbcSArrigo Marchiori- &cx->pkcs1RSADigestInfoLen,
1234fd7cfbcSArrigo Marchiori- cx->key,
1244fd7cfbcSArrigo Marchiori- sig, wincx);
1254fd7cfbcSArrigo Marchiori- break;
1264fd7cfbcSArrigo Marchiori- case rsaPssKey:
1274fd7cfbcSArrigo Marchiori- sigLen = SECKEY_SignatureLen(key);
1284fd7cfbcSArrigo Marchiori- if (sigLen == 0) {
1294fd7cfbcSArrigo Marchiori- /* error set by SECKEY_SignatureLen */
1304fd7cfbcSArrigo Marchiori- rv = SECFailure;
1314fd7cfbcSArrigo Marchiori+ rv = SECFailure;
1324fd7cfbcSArrigo Marchiori+ if (type == rsaKey) {
1334fd7cfbcSArrigo Marchiori+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
1344fd7cfbcSArrigo Marchiori+ &cx->pkcs1RSADigestInfo,
1354fd7cfbcSArrigo Marchiori+ &cx->pkcs1RSADigestInfoLen,
1364fd7cfbcSArrigo Marchiori+ cx->key,
1374fd7cfbcSArrigo Marchiori+ sig, wincx);
1384fd7cfbcSArrigo Marchiori+ } else {
1394fd7cfbcSArrigo Marchiori+ sigLen = checkedSignatureLen(key);
1404fd7cfbcSArrigo Marchiori+ /* Check signature length is within limits */
1414fd7cfbcSArrigo Marchiori+ if (sigLen == 0) {
1424fd7cfbcSArrigo Marchiori+ /* error set by checkedSignatureLen */
1434fd7cfbcSArrigo Marchiori+ rv = SECFailure;
1444fd7cfbcSArrigo Marchiori+ goto loser;
1454fd7cfbcSArrigo Marchiori+ }
1464fd7cfbcSArrigo Marchiori+ if (sigLen > sizeof(cx->u)) {
1474fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
1484fd7cfbcSArrigo Marchiori+ rv = SECFailure;
1494fd7cfbcSArrigo Marchiori+ goto loser;
1504fd7cfbcSArrigo Marchiori+ }
1514fd7cfbcSArrigo Marchiori+ switch (type) {
1524fd7cfbcSArrigo Marchiori+ case rsaPssKey:
1534fd7cfbcSArrigo Marchiori+ if (sig->len != sigLen) {
1544fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
1554fd7cfbcSArrigo Marchiori+ rv = SECFailure;
1564fd7cfbcSArrigo Marchiori+ goto loser;
1574fd7cfbcSArrigo Marchiori+ }
1584fd7cfbcSArrigo Marchiori+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
1594fd7cfbcSArrigo Marchiori+ rv = SECSuccess;
1604fd7cfbcSArrigo Marchiori break;
1614fd7cfbcSArrigo Marchiori- }
1624fd7cfbcSArrigo Marchiori- if (sig->len != sigLen) {
1634fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
1644fd7cfbcSArrigo Marchiori- rv = SECFailure;
1654fd7cfbcSArrigo Marchiori+ case ecKey:
1664fd7cfbcSArrigo Marchiori+ case dsaKey:
1674fd7cfbcSArrigo Marchiori+ /* decodeECorDSASignature will check sigLen == sig->len after padding */
1684fd7cfbcSArrigo Marchiori+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
1694fd7cfbcSArrigo Marchiori break;
1704fd7cfbcSArrigo Marchiori- }
1714fd7cfbcSArrigo Marchiori- PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
1724fd7cfbcSArrigo Marchiori- break;
1734fd7cfbcSArrigo Marchiori- case dsaKey:
1744fd7cfbcSArrigo Marchiori- case ecKey:
1754fd7cfbcSArrigo Marchiori- sigLen = SECKEY_SignatureLen(key);
1764fd7cfbcSArrigo Marchiori- if (sigLen == 0) {
1774fd7cfbcSArrigo Marchiori- /* error set by SECKEY_SignatureLen */
1784fd7cfbcSArrigo Marchiori+ default:
1794fd7cfbcSArrigo Marchiori+ /* Unreachable */
1804fd7cfbcSArrigo Marchiori rv = SECFailure;
1814fd7cfbcSArrigo Marchiori- break;
1824fd7cfbcSArrigo Marchiori- }
1834fd7cfbcSArrigo Marchiori- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
1844fd7cfbcSArrigo Marchiori- break;
1854fd7cfbcSArrigo Marchiori- default:
1864fd7cfbcSArrigo Marchiori- rv = SECFailure;
1874fd7cfbcSArrigo Marchiori- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
1884fd7cfbcSArrigo Marchiori- break;
1894fd7cfbcSArrigo Marchiori+ goto loser;
1904fd7cfbcSArrigo Marchiori+ }
1914fd7cfbcSArrigo Marchiori+ }
1924fd7cfbcSArrigo Marchiori+ if (rv != SECSuccess) {
1934fd7cfbcSArrigo
Marchiori+ goto loser;
1944fd7cfbcSArrigo Marchiori }
1954fd7cfbcSArrigo Marchiori }
1964fd7cfbcSArrigo Marchiori
1974fd7cfbcSArrigo Marchiori- if (rv)
1984fd7cfbcSArrigo Marchiori- goto loser;
1994fd7cfbcSArrigo Marchiori-
2004fd7cfbcSArrigo Marchiori /* check hash alg again, RSA may have changed it.*/
2014fd7cfbcSArrigo Marchiori if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
2024fd7cfbcSArrigo Marchiori /* error set by HASH_GetHashTypeByOidTag */
2034fd7cfbcSArrigo Marchiori@@ -634,11 +669,16 @@
2044fd7cfbcSArrigo Marchiori switch (cx->key->keyType) {
2054fd7cfbcSArrigo Marchiori case ecKey:
2064fd7cfbcSArrigo Marchiori case dsaKey:
2074fd7cfbcSArrigo Marchiori- dsasig.data = cx->u.buffer;
2084fd7cfbcSArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key);
2094fd7cfbcSArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key);
2104fd7cfbcSArrigo Marchiori if (dsasig.len == 0) {
2114fd7cfbcSArrigo Marchiori return SECFailure;
2124fd7cfbcSArrigo Marchiori }
2134fd7cfbcSArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) {
2144fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
2154fd7cfbcSArrigo Marchiori+ return SECFailure;
2164fd7cfbcSArrigo Marchiori+ }
2174fd7cfbcSArrigo Marchiori+ dsasig.data = cx->u.buffer;
2184fd7cfbcSArrigo Marchiori+
2194fd7cfbcSArrigo Marchiori if (sig) {
2204fd7cfbcSArrigo Marchiori rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
2214fd7cfbcSArrigo Marchiori dsasig.len);
2224fd7cfbcSArrigo Marchiori@@ -680,8 +720,13 @@
2234fd7cfbcSArrigo Marchiori return SECFailure;
2244fd7cfbcSArrigo Marchiori }
2254fd7cfbcSArrigo Marchiori rsasig.data = cx->u.buffer;
2264fd7cfbcSArrigo Marchiori- rsasig.len = SECKEY_SignatureLen(cx->key);
2274fd7cfbcSArrigo Marchiori+ rsasig.len = checkedSignatureLen(cx->key);
2284fd7cfbcSArrigo Marchiori if (rsasig.len == 0) {
2294fd7cfbcSArrigo Marchiori+ /* Error set by checkedSignatureLen */
2304fd7cfbcSArrigo Marchiori+ return SECFailure;
2314fd7cfbcSArrigo Marchiori+ }
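Review bot: The new `default:` branch of the inner `switch (type)` in the -458 hunk sets `rv = SECFailure` and jumps to `loser` without calling PORT_SetError, whereas the removed default reported SEC_ERROR_UNSUPPORTED_KEYALG. The branch is marked unreachable, but `type` is computed outside the hunk while checkedSignatureLen switches on the key's own keyType, so if the two ever disagree the caller sees a failure with a stale error code; keeping `PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);` in that branch costs one line. The comment above the decodeECorDSASignature call is also inaccurate, because that function compares the decoded item's length with `len`, not `sig->len`; `/* decodeECorDSASignature checks that the decoded signature is exactly sigLen bytes */` would match the code. The enclosing function starts and ends outside the hunk.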
2324fd7cfbcSArrigo Marchiori+ if (rsasig.len > sizeof(cx->u)) {
2334fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
2344fd7cfbcSArrigo Marchiori return SECFailure;
2354fd7cfbcSArrigo Marchiori }
2364fd7cfbcSArrigo Marchiori if (sig) {
2374fd7cfbcSArrigo Marchiori@@ -743,7 +788,6 @@
2384fd7cfbcSArrigo Marchiori SECStatus rv;
2394fd7cfbcSArrigo Marchiori VFYContext *cx;
2404fd7cfbcSArrigo Marchiori SECItem dsasig; /* also used for ECDSA */
2414fd7cfbcSArrigo Marchiori-
2424fd7cfbcSArrigo Marchiori rv = SECFailure;
2434fd7cfbcSArrigo Marchiori
2444fd7cfbcSArrigo Marchiori cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
2454fd7cfbcSArrigo Marchiori@@ -751,19 +795,25 @@
2464fd7cfbcSArrigo Marchiori switch (key->keyType) {
2474fd7cfbcSArrigo Marchiori case rsaKey:
2484fd7cfbcSArrigo Marchiori rv = verifyPKCS1DigestInfo(cx, digest);
2494fd7cfbcSArrigo Marchiori+ /* Error (if any) set by verifyPKCS1DigestInfo */
2504fd7cfbcSArrigo Marchiori break;
2514fd7cfbcSArrigo Marchiori- case dsaKey:
2524fd7cfbcSArrigo Marchiori case ecKey:
2534fd7cfbcSArrigo Marchiori+ case dsaKey:
2544fd7cfbcSArrigo Marchiori dsasig.data = cx->u.buffer;
2554fd7cfbcSArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key);
2564fd7cfbcSArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key);
2574fd7cfbcSArrigo Marchiori if (dsasig.len == 0) {
2584fd7cfbcSArrigo Marchiori+ /* Error set by checkedSignatureLen */
2594fd7cfbcSArrigo Marchiori+ rv = SECFailure;
2604fd7cfbcSArrigo Marchiori break;
2614fd7cfbcSArrigo Marchiori }
2624fd7cfbcSArrigo Marchiori- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
2634fd7cfbcSArrigo Marchiori- SECSuccess) {
2644fd7cfbcSArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) {
2654fd7cfbcSArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
2664fd7cfbcSArrigo Marchiori+ rv = SECFailure;
2674fd7cfbcSArrigo Marchiori+ break;
2684fd7cfbcSArrigo Marchiori+ }
2694fd7cfbcSArrigo Marchiori+ rv = PK11_Verify(cx->key,
&dsasig, (SECItem *)digest, cx->wincx);
2704fd7cfbcSArrigo Marchiori+ if (rv != SECSuccess) {
2714fd7cfbcSArrigo Marchiori PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
2724fd7cfbcSArrigo Marchiori- } else {
2734fd7cfbcSArrigo Marchiori- rv = SECSuccess;
2744fd7cfbcSArrigo Marchiori }
2754fd7cfbcSArrigo Marchiori break;
2764fd7cfbcSArrigo Marchiori default:
277