Fixes for high impact issues

This commit is contained in:
Eric Blankenhorn
2019-03-12 14:49:06 -05:00
parent 7aa159ca6d
commit cffe7eccde
8 changed files with 179 additions and 129 deletions
+29 -24
View File
@@ -8976,36 +8976,41 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
for (;;) {
headerEnd = XSTRNSTR((char*)buff, header, sz);
if (headerEnd || type != PRIVATEKEY_TYPE) {
if (headerEnd) {
break;
} else
if (header == BEGIN_RSA_PRIV) {
header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
} else
if (header == BEGIN_PRIV_KEY) {
header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
} else
#ifdef HAVE_ECC
if (header == BEGIN_ENC_PRIV_KEY) {
header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
} else
if (header == BEGIN_EC_PRIV) {
header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
} else
#endif
#ifdef HAVE_ED25519
if (type == PRIVATEKEY_TYPE) {
if (header == BEGIN_RSA_PRIV) {
header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
} else
if (header == BEGIN_PRIV_KEY) {
header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
} else
#ifdef HAVE_ECC
if (header == BEGIN_DSA_PRIV)
#else
if (header == BEGIN_ENC_PRIV_KEY)
if (header == BEGIN_ENC_PRIV_KEY) {
header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
} else
if (header == BEGIN_EC_PRIV) {
header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
} else
#endif
{
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
#ifdef HAVE_ED25519
#ifdef HAVE_ECC
if (header == BEGIN_DSA_PRIV)
#else
if (header == BEGIN_ENC_PRIV_KEY)
#endif
{
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
} else
#endif
{
break;
}
} else
#endif
#ifdef HAVE_CRL
if (type == CRL_TYPE) {
header = BEGIN_CRL; footer = END_CRL;
if ((type == CRL_TYPE) && (header != BEGIN_CRL)) {
header = BEGIN_CRL; footer = END_CRL;
} else
#endif
{
+13 -7
View File
@@ -2201,13 +2201,13 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
/* tmp2 += (2*loop_check_prime)
* to have p = (q * tmp2) + 1 prime
*/
if (primeCheckCount) {
if ((ret == 0) && (primeCheckCount)) {
if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
ret = MP_ADD_E;
}
/* find a value g for which g^tmp2 != 1 */
if (mp_set(&dh->g, 1) != MP_OKAY)
if ((ret == 0) && (mp_set(&dh->g, 1) != MP_OKAY))
ret = MP_ZERO_E;
if (ret == 0) {
@@ -2219,18 +2219,24 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
} while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
}
/* at this point tmp generates a group of order q mod p */
mp_exch(&tmp, &dh->g);
if (ret == 0) {
/* at this point tmp generates a group of order q mod p */
mp_exch(&tmp, &dh->g);
}
/* clear the parameters if there was an error */
if (ret != 0) {
if ((ret != 0) && (dh != NULL)) {
mp_clear(&dh->q);
mp_clear(&dh->p);
mp_clear(&dh->g);
}
ForceZero(buf, bufSz);
XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (buf != NULL) {
ForceZero(buf, bufSz);
if (dh != NULL) {
XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
mp_clear(&tmp);
mp_clear(&tmp2);
+17 -7
View File
@@ -357,12 +357,14 @@ static long wc_PKCS7_GetMaxStream(PKCS7* pkcs7, byte flag, byte* in,
pkcs7->stream->maxLen = length + idx;
}
}
if (pkcs7->stream->maxLen == 0) {
pkcs7->stream->maxLen = defSz;
}
return pkcs7->stream->maxLen;
}
if (pkcs7->stream->maxLen == 0) {
pkcs7->stream->maxLen = defSz;
}
return defSz;
}
@@ -3435,7 +3437,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
byte* der;
#endif
int multiPart = 0, keepContent;
int contentLen;
int contentLen = 0;
byte* pkiMsg = in;
word32 pkiMsgSz = inSz;
@@ -3877,7 +3879,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
/* If getting the content info failed with non degenerate then return the
* error case. Otherwise with a degenerate it is ok if the content
* info was omitted */
if (!degenerate && !detached && ret != 0) {
if (!degenerate && !detached && (ret != 0)) {
break;
}
else {
@@ -8560,10 +8562,11 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
ret = BAD_FUNC_ARG;
}
return ret;
(void)pkiMsg;
(void)pkiMsgSz;
return ret;
#else
(void)in;
(void)inSz;
@@ -8588,7 +8591,7 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
byte* pkiMsg = in;
word32 pkiMsgSz = inSz;
#ifndef NO_PKCS7_STREAM
word32 tmpIdx = *idx;
word32 tmpIdx;
long rc;
#endif
@@ -8598,6 +8601,10 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
return BAD_FUNC_ARG;
}
#ifndef NO_PKCS7_STREAM
tmpIdx = *idx;
#endif
/* check if in the process of decrypting */
switch (pkcs7->state) {
case WC_PKCS7_DECRYPT_KTRI:
@@ -9914,6 +9921,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
idx += unauthAttribsSetSz;
XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz);
idx += unauthAttribsSz;
}
if (flatUnauthAttribs != NULL) {
XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
}