1*685ffcd1SArrigo Marchioridiff -ur misc/nss-3.39/nss/lib/cryptohi/secvfy.c misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c 2*685ffcd1SArrigo Marchiori--- misc/nss-3.39/nss/lib/cryptohi/secvfy.c 2018-08-31 14:55:53.000000000 +0200 3*685ffcd1SArrigo Marchiori+++ misc/build/nss-3.39/nss/lib/cryptohi/secvfy.c 2022-02-05 22:36:19.617132698 +0100 4*685ffcd1SArrigo Marchiori@@ -164,6 +164,37 @@ 5*685ffcd1SArrigo Marchiori PR_FALSE /*XXX: unsafeAllowMissingParameters*/); 6*685ffcd1SArrigo Marchiori } 7*685ffcd1SArrigo Marchiori 8*685ffcd1SArrigo Marchiori+static unsigned int 9*685ffcd1SArrigo Marchiori+checkedSignatureLen(const SECKEYPublicKey *pubk) 10*685ffcd1SArrigo Marchiori+{ 11*685ffcd1SArrigo Marchiori+ unsigned int sigLen = SECKEY_SignatureLen(pubk); 12*685ffcd1SArrigo Marchiori+ if (sigLen == 0) { 13*685ffcd1SArrigo Marchiori+ /* Error set by SECKEY_SignatureLen */ 14*685ffcd1SArrigo Marchiori+ return sigLen; 15*685ffcd1SArrigo Marchiori+ } 16*685ffcd1SArrigo Marchiori+ unsigned int maxSigLen; 17*685ffcd1SArrigo Marchiori+ switch (pubk->keyType) { 18*685ffcd1SArrigo Marchiori+ case rsaKey: 19*685ffcd1SArrigo Marchiori+ case rsaPssKey: 20*685ffcd1SArrigo Marchiori+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; 21*685ffcd1SArrigo Marchiori+ break; 22*685ffcd1SArrigo Marchiori+ case dsaKey: 23*685ffcd1SArrigo Marchiori+ maxSigLen = DSA_MAX_SIGNATURE_LEN; 24*685ffcd1SArrigo Marchiori+ break; 25*685ffcd1SArrigo Marchiori+ case ecKey: 26*685ffcd1SArrigo Marchiori+ maxSigLen = 2 * MAX_ECKEY_LEN; 27*685ffcd1SArrigo Marchiori+ break; 28*685ffcd1SArrigo Marchiori+ default: 29*685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); 30*685ffcd1SArrigo Marchiori+ return 0; 31*685ffcd1SArrigo Marchiori+ } 32*685ffcd1SArrigo Marchiori+ if (sigLen > maxSigLen) { 33*685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_INVALID_KEY); 34*685ffcd1SArrigo Marchiori+ return 0; 35*685ffcd1SArrigo Marchiori+ } 36*685ffcd1SArrigo Marchiori+ return sigLen; 37*685ffcd1SArrigo Marchiori+} 38*685ffcd1SArrigo Marchiori+ 39*685ffcd1SArrigo Marchiori /* 40*685ffcd1SArrigo Marchiori * decode the ECDSA or DSA signature from it's DER wrapping. 41*685ffcd1SArrigo Marchiori * The unwrapped/raw signature is placed in the buffer pointed 42*685ffcd1SArrigo Marchiori@@ -174,38 +205,38 @@ 43*685ffcd1SArrigo Marchiori unsigned int len) 44*685ffcd1SArrigo Marchiori { 45*685ffcd1SArrigo Marchiori SECItem *dsasig = NULL; /* also used for ECDSA */ 46*685ffcd1SArrigo Marchiori- SECStatus rv = SECSuccess; 47*685ffcd1SArrigo Marchiori 48*685ffcd1SArrigo Marchiori- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && 49*685ffcd1SArrigo Marchiori- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { 50*685ffcd1SArrigo Marchiori- if (sig->len != len) { 51*685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 52*685ffcd1SArrigo Marchiori- return SECFailure; 53*685ffcd1SArrigo Marchiori+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ 54*685ffcd1SArrigo Marchiori+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { 55*685ffcd1SArrigo Marchiori+ if (len > DSA_MAX_SIGNATURE_LEN) { 56*685ffcd1SArrigo Marchiori+ goto loser; 57*685ffcd1SArrigo Marchiori } 58*685ffcd1SArrigo Marchiori- 59*685ffcd1SArrigo Marchiori- PORT_Memcpy(dsig, sig->data, sig->len); 60*685ffcd1SArrigo Marchiori- return SECSuccess; 61*685ffcd1SArrigo Marchiori- } 62*685ffcd1SArrigo Marchiori- 63*685ffcd1SArrigo Marchiori- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { 64*685ffcd1SArrigo Marchiori+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { 65*685ffcd1SArrigo Marchiori if (len > MAX_ECKEY_LEN * 2) { 66*685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 67*685ffcd1SArrigo Marchiori- return SECFailure; 68*685ffcd1SArrigo Marchiori+ goto loser; 69*685ffcd1SArrigo Marchiori } 70*685ffcd1SArrigo Marchiori- } 71*685ffcd1SArrigo Marchiori- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); 72*685ffcd1SArrigo Marchiori- 73*685ffcd1SArrigo Marchiori- if ((dsasig == NULL) || (dsasig->len != len)) { 74*685ffcd1SArrigo Marchiori- rv = SECFailure; 75*685ffcd1SArrigo Marchiori } else { 76*685ffcd1SArrigo Marchiori- PORT_Memcpy(dsig, dsasig->data, dsasig->len); 77*685ffcd1SArrigo Marchiori+ goto loser; 78*685ffcd1SArrigo Marchiori } 79*685ffcd1SArrigo Marchiori 80*685ffcd1SArrigo Marchiori- if (dsasig != NULL) 81*685ffcd1SArrigo Marchiori+ /* Decode and pad to length */ 82*685ffcd1SArrigo Marchiori+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); 83*685ffcd1SArrigo Marchiori+ if (dsasig == NULL) { 84*685ffcd1SArrigo Marchiori+ goto loser; 85*685ffcd1SArrigo Marchiori+ } 86*685ffcd1SArrigo Marchiori+ if (dsasig->len != len) { 87*685ffcd1SArrigo Marchiori SECITEM_FreeItem(dsasig, PR_TRUE); 88*685ffcd1SArrigo Marchiori- if (rv == SECFailure) 89*685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_DER); 90*685ffcd1SArrigo Marchiori- return rv; 91*685ffcd1SArrigo Marchiori+ goto loser; 92*685ffcd1SArrigo Marchiori+ } 93*685ffcd1SArrigo Marchiori+ 94*685ffcd1SArrigo Marchiori+ PORT_Memcpy(dsig, dsasig->data, len); 95*685ffcd1SArrigo Marchiori+ SECITEM_FreeItem(dsasig, PR_TRUE); 96*685ffcd1SArrigo Marchiori+ 97*685ffcd1SArrigo Marchiori+ return SECSuccess; 98*685ffcd1SArrigo Marchiori+ 99*685ffcd1SArrigo Marchiori+loser: 100*685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_DER); 101*685ffcd1SArrigo Marchiori+ return SECFailure; 102*685ffcd1SArrigo Marchiori } 103*685ffcd1SArrigo Marchiori 104*685ffcd1SArrigo Marchiori const SEC_ASN1Template hashParameterTemplate[] = 105*685ffcd1SArrigo Marchiori@@ -231,7 +262,7 @@ 106*685ffcd1SArrigo Marchiori sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, 107*685ffcd1SArrigo Marchiori const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg) 108*685ffcd1SArrigo Marchiori { 109*685ffcd1SArrigo Marchiori- int len; 110*685ffcd1SArrigo Marchiori+ unsigned int len; 111*685ffcd1SArrigo Marchiori PLArenaPool *arena; 112*685ffcd1SArrigo Marchiori SECStatus rv; 113*685ffcd1SArrigo Marchiori SECItem oid; 114*685ffcd1SArrigo Marchiori@@ -458,48 +489,52 @@ 115*685ffcd1SArrigo Marchiori cx->pkcs1RSADigestInfo = NULL; 116*685ffcd1SArrigo Marchiori rv = SECSuccess; 117*685ffcd1SArrigo Marchiori if (sig) { 118*685ffcd1SArrigo Marchiori- switch (type) { 119*685ffcd1SArrigo Marchiori- case rsaKey: 120*685ffcd1SArrigo Marchiori- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, 121*685ffcd1SArrigo Marchiori- &cx->pkcs1RSADigestInfo, 122*685ffcd1SArrigo Marchiori- &cx->pkcs1RSADigestInfoLen, 123*685ffcd1SArrigo Marchiori- cx->key, 124*685ffcd1SArrigo Marchiori- sig, wincx); 125*685ffcd1SArrigo Marchiori- break; 126*685ffcd1SArrigo Marchiori- case rsaPssKey: 127*685ffcd1SArrigo Marchiori- sigLen = SECKEY_SignatureLen(key); 128*685ffcd1SArrigo Marchiori- if (sigLen == 0) { 129*685ffcd1SArrigo Marchiori- /* error set by SECKEY_SignatureLen */ 130*685ffcd1SArrigo Marchiori- rv = SECFailure; 131*685ffcd1SArrigo Marchiori+ rv = SECFailure; 132*685ffcd1SArrigo Marchiori+ if (type == rsaKey) { 133*685ffcd1SArrigo Marchiori+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, 134*685ffcd1SArrigo Marchiori+ &cx->pkcs1RSADigestInfo, 135*685ffcd1SArrigo Marchiori+ &cx->pkcs1RSADigestInfoLen, 136*685ffcd1SArrigo Marchiori+ cx->key, 137*685ffcd1SArrigo Marchiori+ sig, wincx); 138*685ffcd1SArrigo Marchiori+ } else { 139*685ffcd1SArrigo Marchiori+ sigLen = checkedSignatureLen(key); 140*685ffcd1SArrigo Marchiori+ /* Check signature length is within limits */ 141*685ffcd1SArrigo Marchiori+ if (sigLen == 0) { 142*685ffcd1SArrigo Marchiori+ /* error set by checkedSignatureLen */ 143*685ffcd1SArrigo Marchiori+ rv = SECFailure; 144*685ffcd1SArrigo Marchiori+ goto loser; 145*685ffcd1SArrigo Marchiori+ } 146*685ffcd1SArrigo Marchiori+ if (sigLen > sizeof(cx->u)) { 147*685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 148*685ffcd1SArrigo Marchiori+ rv = SECFailure; 149*685ffcd1SArrigo Marchiori+ goto loser; 150*685ffcd1SArrigo Marchiori+ } 151*685ffcd1SArrigo Marchiori+ switch (type) { 152*685ffcd1SArrigo Marchiori+ case rsaPssKey: 153*685ffcd1SArrigo Marchiori+ if (sig->len != sigLen) { 154*685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 155*685ffcd1SArrigo Marchiori+ rv = SECFailure; 156*685ffcd1SArrigo Marchiori+ goto loser; 157*685ffcd1SArrigo Marchiori+ } 158*685ffcd1SArrigo Marchiori+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); 159*685ffcd1SArrigo Marchiori+ rv = SECSuccess; 160*685ffcd1SArrigo Marchiori break; 161*685ffcd1SArrigo Marchiori- } 162*685ffcd1SArrigo Marchiori- if (sig->len != sigLen) { 163*685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 164*685ffcd1SArrigo Marchiori- rv = SECFailure; 165*685ffcd1SArrigo Marchiori+ case ecKey: 166*685ffcd1SArrigo Marchiori+ case dsaKey: 167*685ffcd1SArrigo Marchiori+ /* decodeECorDSASignature will check sigLen == sig->len after padding */ 168*685ffcd1SArrigo Marchiori+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); 169*685ffcd1SArrigo Marchiori break; 170*685ffcd1SArrigo Marchiori- } 171*685ffcd1SArrigo Marchiori- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); 172*685ffcd1SArrigo Marchiori- break; 173*685ffcd1SArrigo Marchiori- case dsaKey: 174*685ffcd1SArrigo Marchiori- case ecKey: 175*685ffcd1SArrigo Marchiori- sigLen = SECKEY_SignatureLen(key); 176*685ffcd1SArrigo Marchiori- if (sigLen == 0) { 177*685ffcd1SArrigo Marchiori- /* error set by SECKEY_SignatureLen */ 178*685ffcd1SArrigo Marchiori+ default: 179*685ffcd1SArrigo Marchiori+ /* Unreachable */ 180*685ffcd1SArrigo Marchiori rv = SECFailure; 181*685ffcd1SArrigo Marchiori- break; 182*685ffcd1SArrigo Marchiori- } 183*685ffcd1SArrigo Marchiori- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); 184*685ffcd1SArrigo Marchiori- break; 185*685ffcd1SArrigo Marchiori- default: 186*685ffcd1SArrigo Marchiori- rv = SECFailure; 187*685ffcd1SArrigo Marchiori- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); 188*685ffcd1SArrigo Marchiori- break; 189*685ffcd1SArrigo Marchiori+ goto loser; 190*685ffcd1SArrigo Marchiori+ } 191*685ffcd1SArrigo Marchiori+ } 192*685ffcd1SArrigo Marchiori+ if (rv != SECSuccess) { 193*685ffcd1SArrigo Marchiori+ goto loser; 194*685ffcd1SArrigo Marchiori } 195*685ffcd1SArrigo Marchiori } 196*685ffcd1SArrigo Marchiori 197*685ffcd1SArrigo Marchiori- if (rv) 198*685ffcd1SArrigo Marchiori- goto loser; 199*685ffcd1SArrigo Marchiori- 200*685ffcd1SArrigo Marchiori /* check hash alg again, RSA may have changed it.*/ 201*685ffcd1SArrigo Marchiori if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { 202*685ffcd1SArrigo Marchiori /* error set by HASH_GetHashTypeByOidTag */ 203*685ffcd1SArrigo Marchiori@@ -634,11 +669,16 @@ 204*685ffcd1SArrigo Marchiori switch (cx->key->keyType) { 205*685ffcd1SArrigo Marchiori case ecKey: 206*685ffcd1SArrigo Marchiori case dsaKey: 207*685ffcd1SArrigo Marchiori- dsasig.data = cx->u.buffer; 208*685ffcd1SArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key); 209*685ffcd1SArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key); 210*685ffcd1SArrigo Marchiori if (dsasig.len == 0) { 211*685ffcd1SArrigo Marchiori return SECFailure; 212*685ffcd1SArrigo Marchiori } 213*685ffcd1SArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) { 214*685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 215*685ffcd1SArrigo Marchiori+ return SECFailure; 216*685ffcd1SArrigo Marchiori+ } 217*685ffcd1SArrigo Marchiori+ dsasig.data = cx->u.buffer; 218*685ffcd1SArrigo Marchiori+ 219*685ffcd1SArrigo Marchiori if (sig) { 220*685ffcd1SArrigo Marchiori rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, 221*685ffcd1SArrigo Marchiori dsasig.len); 222*685ffcd1SArrigo Marchiori@@ -680,8 +720,13 @@ 223*685ffcd1SArrigo Marchiori return SECFailure; 224*685ffcd1SArrigo Marchiori } 225*685ffcd1SArrigo Marchiori rsasig.data = cx->u.buffer; 226*685ffcd1SArrigo Marchiori- rsasig.len = SECKEY_SignatureLen(cx->key); 227*685ffcd1SArrigo Marchiori+ rsasig.len = checkedSignatureLen(cx->key); 228*685ffcd1SArrigo Marchiori if (rsasig.len == 0) { 229*685ffcd1SArrigo Marchiori+ /* Error set by checkedSignatureLen */ 230*685ffcd1SArrigo Marchiori+ return SECFailure; 231*685ffcd1SArrigo Marchiori+ } 232*685ffcd1SArrigo Marchiori+ if (rsasig.len > sizeof(cx->u)) { 233*685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 234*685ffcd1SArrigo Marchiori return SECFailure; 235*685ffcd1SArrigo Marchiori } 236*685ffcd1SArrigo Marchiori if (sig) { 237*685ffcd1SArrigo Marchiori@@ -743,7 +788,6 @@ 238*685ffcd1SArrigo Marchiori SECStatus rv; 239*685ffcd1SArrigo Marchiori VFYContext *cx; 240*685ffcd1SArrigo Marchiori SECItem dsasig; /* also used for ECDSA */ 241*685ffcd1SArrigo Marchiori- 242*685ffcd1SArrigo Marchiori rv = SECFailure; 243*685ffcd1SArrigo Marchiori 244*685ffcd1SArrigo Marchiori cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); 245*685ffcd1SArrigo Marchiori@@ -751,19 +795,25 @@ 246*685ffcd1SArrigo Marchiori switch (key->keyType) { 247*685ffcd1SArrigo Marchiori case rsaKey: 248*685ffcd1SArrigo Marchiori rv = verifyPKCS1DigestInfo(cx, digest); 249*685ffcd1SArrigo Marchiori+ /* Error (if any) set by verifyPKCS1DigestInfo */ 250*685ffcd1SArrigo Marchiori break; 251*685ffcd1SArrigo Marchiori- case dsaKey: 252*685ffcd1SArrigo Marchiori case ecKey: 253*685ffcd1SArrigo Marchiori+ case dsaKey: 254*685ffcd1SArrigo Marchiori dsasig.data = cx->u.buffer; 255*685ffcd1SArrigo Marchiori- dsasig.len = SECKEY_SignatureLen(cx->key); 256*685ffcd1SArrigo Marchiori+ dsasig.len = checkedSignatureLen(cx->key); 257*685ffcd1SArrigo Marchiori if (dsasig.len == 0) { 258*685ffcd1SArrigo Marchiori+ /* Error set by checkedSignatureLen */ 259*685ffcd1SArrigo Marchiori+ rv = SECFailure; 260*685ffcd1SArrigo Marchiori break; 261*685ffcd1SArrigo Marchiori } 262*685ffcd1SArrigo Marchiori- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != 263*685ffcd1SArrigo Marchiori- SECSuccess) { 264*685ffcd1SArrigo Marchiori+ if (dsasig.len > sizeof(cx->u)) { 265*685ffcd1SArrigo Marchiori+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 266*685ffcd1SArrigo Marchiori+ rv = SECFailure; 267*685ffcd1SArrigo Marchiori+ break; 268*685ffcd1SArrigo Marchiori+ } 269*685ffcd1SArrigo Marchiori+ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); 270*685ffcd1SArrigo Marchiori+ if (rv != SECSuccess) { 271*685ffcd1SArrigo Marchiori PORT_SetError(SEC_ERROR_BAD_SIGNATURE); 272*685ffcd1SArrigo Marchiori- } else { 273*685ffcd1SArrigo Marchiori- rv = SECSuccess; 274*685ffcd1SArrigo Marchiori } 275*685ffcd1SArrigo Marchiori break; 276*685ffcd1SArrigo Marchiori default: 277