fix RSA - wycheproof "wrong length"

2017-08-29 17:21:22 +02:00 · 2017-08-29 17:21:22 +02:00 · 43e6860925
commit 43e6860925
parent fe9af6cfbd
7 changed files with 22 additions and 15 deletions
--- a/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
+++ b/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
@ -310,7 +310,12 @@ int der_decode_sequence_ex(const unsigned char *in, unsigned long  inlen,
          goto LBL_ERR;
      }
   }
   if (inlen == 0) {
      err = CRYPT_OK;
   } else {
      err = CRYPT_PK_INVALID_SIZE;
   }
 LBL_ERR:
   return err;
--- a/src/pk/dh/dh_import.c
+++ b/src/pk/dh/dh_import.c
@ -37,7 +37,7 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key)
                                   LTC_ASN1_SHORT_INTEGER, 1UL, &version,
                                   LTC_ASN1_BIT_STRING, 1UL, &flags,
                                   LTC_ASN1_EOL, 0UL, NULL);
-   if (err != CRYPT_OK) {
+   if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
      goto error;
   }
--- a/src/pk/dsa/dsa_decrypt_key.c
+++ b/src/pk/dsa/dsa_decrypt_key.c
@ -46,8 +46,8 @@ int dsa_decrypt_key(const unsigned char *in,  unsigned long  inlen,
   /* decode to find out hash */
   LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
-
+   err = der_decode_sequence(in, inlen, decode, 1);
-   if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
+   if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
      return err;
   }
--- a/src/pk/dsa/dsa_import.c
+++ b/src/pk/dsa/dsa_import.c
@ -39,9 +39,10 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
   }
   /* try to match the old libtomcrypt format */
-   if ((err = der_decode_sequence_multi(in, inlen,
+   err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags,
-                                  LTC_ASN1_BIT_STRING, 1UL, flags,
+                                              LTC_ASN1_EOL,        0UL, NULL);
-                                  LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) {
+
   if (err == CRYPT_OK || err == CRYPT_PK_INVALID_SIZE) {
       /* private key */
       if (flags[0]) {
           if ((err = der_decode_sequence_multi(in, inlen,
--- a/src/pk/ecc/ecc_decrypt_key.c
+++ b/src/pk/ecc/ecc_decrypt_key.c
@ -52,8 +52,8 @@ int ecc_decrypt_key(const unsigned char *in,  unsigned long  inlen,
   /* decode to find out hash */
   LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
-
+   err = der_decode_sequence(in, inlen, decode, 1);
-   if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
+   if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
      return err;
   }
--- a/src/pk/ecc/ecc_import.c
+++ b/src/pk/ecc/ecc_import.c
@ -105,9 +105,9 @@ int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, co
   }
   /* find out what type of key it is */
-   if ((err = der_decode_sequence_multi(in, inlen,
+   err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags,
-                                  LTC_ASN1_BIT_STRING, 1UL, flags,
+                                              LTC_ASN1_EOL,        0UL, NULL);
-                                  LTC_ASN1_EOL,        0UL, NULL)) != CRYPT_OK) {
+   if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
      goto done;
   }
--- a/src/pk/rsa/rsa_import.c
+++ b/src/pk/rsa/rsa_import.c
@ -66,9 +66,10 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
   }
   /* not SSL public key, try to match against PKCS #1 standards */
-   if ((err = der_decode_sequence_multi(in, inlen,
+   err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N,
-                                  LTC_ASN1_INTEGER, 1UL, key->N,
+                                              LTC_ASN1_EOL,     0UL, NULL);
-                                  LTC_ASN1_EOL,     0UL, NULL)) != CRYPT_OK) {
+
   if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
      goto LBL_ERR;
   }