feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fix check on RSA key size

Browse Source
This commit is contained in:
Jacob Barthelmeh
2016-04-14 09:33:25 -06:00
parent 4d38813b0c
commit f998851642
4 changed files with 66 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
wolfcrypt/src/error.c
View File

@@ -377,6 +377,9 @@ const char* wc_GetErrorString(int error)
case WC_PENDING_E: case WC_PENDING_E:
return "wolfCrypt Operation Pending (would block / eagain) error"; return "wolfCrypt Operation Pending (would block / eagain) error";
case WC_KEY_SIZE_E:
return "Key size error, either too small or large";
default: default:
return "unknown error number"; return "unknown error number";

41
wolfcrypt/src/rsa.c
View File

@@ -413,8 +413,7 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
} }
#endif #endif
if ((ret = wc_Hash(hType, optLabel, labelLen, if ((ret = wc_Hash(hType, optLabel, labelLen, lHash, hLen)) != 0) {
lHash, hLen)) != 0) {
WOLFSSL_MSG("OAEP hash type possibly not supported or lHash to small"); WOLFSSL_MSG("OAEP hash type possibly not supported or lHash to small");
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -542,21 +541,33 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, WC_RNG* rng) word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
{ {
if (inputLen == 0) if (inputLen == 0 || pkcsBlockLen == 0) {
return 0; return BAD_FUNC_ARG;
}
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
pkcsBlock++; pkcsBlockLen--; pkcsBlock++; pkcsBlockLen--;
pkcsBlock[0] = padValue; /* insert padValue */ pkcsBlock[0] = padValue; /* insert padValue */
if (padValue == RSA_BLOCK_TYPE_1) if (padValue == RSA_BLOCK_TYPE_1) {
if (pkcsBlockLen < inputLen + 2) {
return RSA_PAD_E;
}
/* pad with 0xff bytes */ /* pad with 0xff bytes */
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
}
else { else {
/* pad with non-zero random bytes */ /* pad with non-zero random bytes */
word32 padLen = pkcsBlockLen - inputLen - 1, i; word32 padLen, i;
int ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); int ret;
if (pkcsBlockLen < inputLen + 1) {
return RSA_PAD_E;
}
padLen = pkcsBlockLen - inputLen - 1;
ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
if (ret != 0) if (ret != 0)
return ret; return ret;
@@ -701,6 +712,10 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
i = 1, i = 1,
outputLen; outputLen;
if (pkcsBlockLen == 0) {
return BAD_FUNC_ARG;
}
if (pkcsBlock[0] != 0x0) /* skip past zero */ if (pkcsBlock[0] != 0x0) /* skip past zero */
invalid = 1; invalid = 1;
pkcsBlock++; pkcsBlockLen--; pkcsBlock++; pkcsBlockLen--;
@@ -882,6 +897,10 @@ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
if (sz > (int)outLen) if (sz > (int)outLen)
return RSA_BUFFER_E; return RSA_BUFFER_E;
if (sz < RSA_MIN_PAD_SZ) {
return WC_KEY_SIZE_E;
}
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
return RSA_BUFFER_E; return RSA_BUFFER_E;
@@ -925,6 +944,10 @@ int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
if (sz > (int)outLen) if (sz > (int)outLen)
return RSA_BUFFER_E; return RSA_BUFFER_E;
if (sz < RSA_MIN_PAD_SZ) {
return WC_KEY_SIZE_E;
}
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
return RSA_BUFFER_E; return RSA_BUFFER_E;
@@ -1180,6 +1203,10 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
if (sz > (int)outLen) if (sz > (int)outLen)
return RSA_BUFFER_E; return RSA_BUFFER_E;
if (sz < RSA_MIN_PAD_SZ) {
return WC_KEY_SIZE_E;
}
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
return RSA_BUFFER_E; return RSA_BUFFER_E;

32
wolfcrypt/user-crypto/src/rsa.c
View File

@@ -528,20 +528,33 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, WC_RNG* rng) word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
{ {
if (inputLen == 0) if (inputLen == 0 || pkcsBlockLen == 0) {
return 0; return USER_CRYPTO_ERROR;
}
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
pkcsBlock++; pkcsBlockLen--; pkcsBlock++; pkcsBlockLen--;
pkcsBlock[0] = padValue; /* insert padValue */ pkcsBlock[0] = padValue; /* insert padValue */
if (padValue == RSA_BLOCK_TYPE_1) if (padValue == RSA_BLOCK_TYPE_1) {
if (pkcsBlockLen < inputLen + 2) {
return USER_CRYPTO_ERROR;
}
/* pad with 0xff bytes */ /* pad with 0xff bytes */
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
}
else { else {
/* pad with non-zero random bytes */ /* pad with non-zero random bytes */
word32 padLen = pkcsBlockLen - inputLen - 1, i; word32 padLen, i;
int ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); int ret;
if (pkcsBlockLen < inputLen + 1) {
return USER_CRYPTO_ERROR;
}
padLen = pkcsBlockLen - inputLen - 1;
ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
if (ret != 0) if (ret != 0)
return ret; return ret;
@@ -568,6 +581,10 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
i = 1, i = 1,
outputLen; outputLen;
if (pkcsBlockLen == 0) {
return USER_CRYPTO_ERROR;
}
if (pkcsBlock[0] != 0x0) /* skip past zero */ if (pkcsBlock[0] != 0x0) /* skip past zero */
invalid = 1; invalid = 1;
pkcsBlock++; pkcsBlockLen--; pkcsBlock++; pkcsBlockLen--;
@@ -1612,6 +1629,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
if (sz < RSA_MIN_PAD_SZ) {
USER_DEBUG(("Key size is too small\n"));
return USER_CRYPTO_ERROR;
}
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) { if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) {
USER_DEBUG(("Bad argument inLen to wc_RsaSSL_Sign\n")); USER_DEBUG(("Bad argument inLen to wc_RsaSSL_Sign\n"));
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;

2
wolfssl/wolfcrypt/error-crypt.h
View File

@@ -169,6 +169,8 @@ enum {
HASH_TYPE_E = -232, /* Hash Type not enabled/available */ HASH_TYPE_E = -232, /* Hash Type not enabled/available */
WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */ WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */
WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */
MIN_CODE_E = -300 /* errors -101 - -299 */ MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes /* add new companion error id strings for any new error codes