wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

wolfcrypt/src/pkcs7.c: in wc_PKCS7_DecryptKtri(), refactor handling of OAEP keys to fix uninited value access detected by clang-analyzer-core.UndefinedBinaryOperatorResult; fix whitespace.

Browse Source
This commit is contained in:
Daniel Pouzzner
2022-09-07 15:13:36 -05:00
parent 9c88d8ac2c
commit 57a7430b6a
1 changed files with 26 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
wolfcrypt/src/pkcs7.c
View File

@ -8469,7 +8469,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
{ {
int length, encryptedKeySz = 0, ret = 0; int length, encryptedKeySz = 0, ret = 0;
int keySz, version, sidType = 0; int keySz, version, sidType = 0;
word32 encOID;
word32 keyIdx; word32 keyIdx;
byte issuerHash[KEYID_SIZE]; byte issuerHash[KEYID_SIZE];
byte* outKey = NULL; byte* outKey = NULL;
@ -8484,9 +8483,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
#ifdef WC_RSA_BLINDING #ifdef WC_RSA_BLINDING
WC_RNG rng; WC_RNG rng;
#endif #endif
#ifndef WC_NO_RSA_OAEP
word32 outLen;
#endif
byte* encryptedKey = NULL; byte* encryptedKey = NULL;
@ -8648,19 +8644,29 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
(*idx) += KEYID_SIZE; (*idx) += KEYID_SIZE;
} }
if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0) {
return ASN_PARSE_E; word32 encOID = 0;
if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0)
return ASN_PARSE_E;
if (encOID != pkcs7->publicKeyOID) {
WOLFSSL_MSG("public key OID found in KTRI doesn't match OID stored earlier.");
WOLFSSL_ERROR(ALGO_ID_E);
return ALGO_ID_E;
}
}
/* key encryption algorithm must be RSA for now */ /* key encryption algorithm must be RSA for now */
if (encOID != RSAk if (pkcs7->publicKeyOID != RSAk
#ifndef WC_NO_RSA_OAEP #ifndef WC_NO_RSA_OAEP
&& encOID != RSAESOAEPk && pkcs7->publicKeyOID != RSAESOAEPk
#endif #endif
) )
return ALGO_ID_E; return ALGO_ID_E;
#ifndef WC_NO_RSA_OAEP #ifndef WC_NO_RSA_OAEP
if (encOID == RSAESOAEPk) { if (pkcs7->publicKeyOID == RSAESOAEPk) {
if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) { if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) {
return ASN_PARSE_E; return ASN_PARSE_E;
} }
@ -8697,6 +8703,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
FALL_THROUGH; FALL_THROUGH;
case WC_PKCS7_DECRYPT_KTRI_3: case WC_PKCS7_DECRYPT_KTRI_3:
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
pkcs7->stream->expected, &pkiMsg, idx)) != 0) { pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
@ -8770,7 +8777,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
#endif #endif
{ {
#ifndef WC_NO_RSA_OAEP #ifndef WC_NO_RSA_OAEP
if (encOID != RSAESOAEPk) { if (pkcs7->publicKeyOID != RSAESOAEPk) {
#endif #endif
keySz = wc_RsaPrivateDecryptInline(encryptedKey, keySz = wc_RsaPrivateDecryptInline(encryptedKey,
encryptedKeySz, &outKey, encryptedKeySz, &outKey,
@ -8778,25 +8785,25 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
#ifndef WC_NO_RSA_OAEP #ifndef WC_NO_RSA_OAEP
} }
else { else {
outLen = wc_RsaEncryptSize(privKey); word32 outLen = wc_RsaEncryptSize(privKey);
outKey = (byte*)XMALLOC(outLen, pkcs7->heap, outKey = (byte*)XMALLOC(outLen, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (!outKey) { if (!outKey) {
WOLFSSL_MSG("Failed to allocate out key buffer"); WOLFSSL_MSG("Failed to allocate out key buffer");
wc_FreeRsaKey(privKey); wc_FreeRsaKey(privKey);
XFREE(encryptedKey, pkcs7->heap, XFREE(encryptedKey, pkcs7->heap,
DYNAMIC_TYPE_WOLF_BIGINT); DYNAMIC_TYPE_WOLF_BIGINT);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(privKey, pkcs7->heap, XFREE(privKey, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
WOLFSSL_ERROR_VERBOSE(MEMORY_E); WOLFSSL_ERROR_VERBOSE(MEMORY_E);
return MEMORY_E; return MEMORY_E;
} }
keySz = wc_RsaPrivateDecrypt_ex(encryptedKey, keySz = wc_RsaPrivateDecrypt_ex(encryptedKey,
encryptedKeySz, outKey, outLen, privKey, encryptedKeySz, outKey, outLen, privKey,
WC_RSA_OAEP_PAD, WC_RSA_OAEP_PAD,
WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
} }
#endif #endif
@ -8819,7 +8826,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
#ifndef WC_NO_RSA_OAEP #ifndef WC_NO_RSA_OAEP
if (encOID == RSAESOAEPk) { if (pkcs7->publicKeyOID == RSAESOAEPk) {
if (!outKey) { if (!outKey) {
XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
} }
@ -8837,7 +8844,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
#ifndef WC_NO_RSA_OAEP #ifndef WC_NO_RSA_OAEP
if (encOID == RSAESOAEPk) { if (pkcs7->publicKeyOID == RSAESOAEPk) {
if (!outKey) { if (!outKey) {
XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
} }