TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #373 from libtom/fix/der-recursion-limit

Browse Source 
implement DER recursion limit
(cherry picked from commit af67321bf3cde1a470c679e459ebb8189e38c9bd)
This commit is contained in:
Steffen Jaeckel 2018-04-13 09:42:47 +02:00 committed by Steffen Jaeckel
parent 3249dcb963
commit 719d297e9f
6 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/headers/tomcrypt_custom.h
View File

@ -472,6 +472,13 @@
#endif #endif
#endif #endif
#if defined(LTC_DER)
#ifndef LTC_DER_MAX_RECURSION
/* Maximum recursion limit when processing nested ASN.1 types. */
#define LTC_DER_MAX_RECURSION 30
#endif
#endif
#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT) #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT)
/* Include the MPI functionality? (required by the PK algorithms) */ /* Include the MPI functionality? (required by the PK algorithms) */
#define LTC_MPI #define LTC_MPI

1
src/misc/crypt/crypt.c
View File

@ -398,6 +398,7 @@ const char *crypt_build_settings =
#endif #endif
#if defined(LTC_DER) #if defined(LTC_DER)
" DER " " DER "
" " NAME_VALUE(LTC_DER_MAX_RECURSION) " "
#endif #endif
#if defined(LTC_PKCS_1) #if defined(LTC_PKCS_1)
" PKCS#1 " " PKCS#1 "

4
src/misc/crypt/crypt_constants.c
View File

@ -111,6 +111,7 @@ static const crypt_constant _crypt_constants[] = {
#ifdef LTC_DER #ifdef LTC_DER
/* DER handling */ /* DER handling */
{"LTC_DER", 1},
_C_STRINGIFY(LTC_ASN1_EOL), _C_STRINGIFY(LTC_ASN1_EOL),
_C_STRINGIFY(LTC_ASN1_BOOLEAN), _C_STRINGIFY(LTC_ASN1_BOOLEAN),
_C_STRINGIFY(LTC_ASN1_INTEGER), _C_STRINGIFY(LTC_ASN1_INTEGER),
@ -132,6 +133,9 @@ static const crypt_constant _crypt_constants[] = {
_C_STRINGIFY(LTC_ASN1_CONSTRUCTED), _C_STRINGIFY(LTC_ASN1_CONSTRUCTED),
_C_STRINGIFY(LTC_ASN1_CONTEXT_SPECIFIC), _C_STRINGIFY(LTC_ASN1_CONTEXT_SPECIFIC),
_C_STRINGIFY(LTC_ASN1_GENERALIZEDTIME), _C_STRINGIFY(LTC_ASN1_GENERALIZEDTIME),
_C_STRINGIFY(LTC_DER_MAX_RECURSION),
#else
{"LTC_DER", 0},
#endif #endif
#ifdef LTC_CTR_MODE #ifdef LTC_CTR_MODE

13
src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
View File

@ -79,7 +79,7 @@ static int _new_element(ltc_asn1_list **l)
*/ */
int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out) int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out)
{ {
ltc_asn1_list *l; ltc_asn1_list *l, *t;
unsigned long err, type, len, totlen, data_offset; unsigned long err, type, len, totlen, data_offset;
void *realloc_tmp; void *realloc_tmp;
@ -407,6 +407,17 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
l->child->parent = l; l->child->parent = l;
} }
t = l;
len_len = 0;
while((t != NULL) && (t->child != NULL)) {
len_len++;
t = t->child;
}
if (len_len > LTC_DER_MAX_RECURSION) {
err = CRYPT_PK_ASN1_ERROR;
goto error;
}
break; break;
case 0x80: /* Context-specific */ case 0x80: /* Context-specific */

2
tests/common.h
View File

@ -16,9 +16,11 @@ extern prng_state yarrow_prng;
#ifdef LTC_VERBOSE #ifdef LTC_VERBOSE
#define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0) #define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
#define DOX(x, str) do { fprintf(stderr, "%s - %s:\n", #x, (str)); run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0) #define DOX(x, str) do { fprintf(stderr, "%s - %s:\n", #x, (str)); run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
#define SHOULD_FAIL(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
#else #else
#define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0) #define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
#define DOX(x, str) do { run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0) #define DOX(x, str) do { run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
#define SHOULD_FAIL(x) do { run_cmd((x) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
#endif #endif
void run_cmd(int res, int line, const char *file, const char *cmd, const char *algorithm); void run_cmd(int res, int line, const char *file, const char *cmd, const char *algorithm);

21
tests/der_test.c
View File

@ -1094,6 +1094,25 @@ static int der_choice_test(void)
} }
static void _der_recursion_limit(void)
{
int failed = 0;
unsigned int n;
unsigned long integer = 123, s;
ltc_asn1_list seqs[LTC_DER_MAX_RECURSION + 2], dummy[1], *flexi;
unsigned char buf[2048];
LTC_SET_ASN1(dummy, 0, LTC_ASN1_SHORT_INTEGER, &integer, 1);
LTC_SET_ASN1(seqs, LTC_DER_MAX_RECURSION + 1, LTC_ASN1_SEQUENCE, dummy, 1);
for (n = 0; n < LTC_DER_MAX_RECURSION + 1; ++n) {
LTC_SET_ASN1(seqs, LTC_DER_MAX_RECURSION - n, LTC_ASN1_SEQUENCE, &seqs[LTC_DER_MAX_RECURSION - n + 1], 1);
}
s = sizeof(buf);
DO(der_encode_sequence(seqs, 1, buf, &s));
DO(der_decode_sequence(buf, s, seqs, 1));
SHOULD_FAIL(der_decode_sequence_flexi(buf, &s, &flexi));
if (failed) exit(EXIT_FAILURE);
}
int der_test(void) int der_test(void)
{ {
unsigned long x, y, z, zz, oid[2][32]; unsigned long x, y, z, zz, oid[2][32];
@ -1126,6 +1145,8 @@ int der_test(void)
unsigned char utf8_buf[32]; unsigned char utf8_buf[32];
wchar_t utf8_out[32]; wchar_t utf8_out[32];
_der_recursion_limit();
der_cacert_test(); der_cacert_test();
DO(mp_init_multi(&a, &b, &c, &d, &e, &f, &g, NULL)); DO(mp_init_multi(&a, &b, &c, &d, &e, &f, &g, NULL));