From fe9af6cfbd4d513f8f6546f1ff2c5b71f5e0609a Mon Sep 17 00:00:00 2001
From: Karel Miko
Date: Thu, 24 Aug 2017 23:22:28 +0200
Subject: [PATCH 1/2] RSA: handle wycheproof test vectors - Legacy:missing NULL
---
 src/pk/rsa/rsa_verify_hash.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/pk/rsa/rsa_verify_hash.c b/src/pk/rsa/rsa_verify_hash.c
index 8998122..b584696 100644
--- a/src/pk/rsa/rsa_verify_hash.c
+++ b/src/pk/rsa/rsa_verify_hash.c
@@ -143,8 +143,12 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
 LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen);
 if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) {
- XFREE(out);
- goto bail_2;
+ /* fallback to Legacy:missing NULL */
+ LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 1);
+ if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) {
+ XFREE(out);
+ goto bail_2;
+ }
 }
 if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
From 43e68609259cb8e031a5885603f1042a992ef81d Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Tue, 29 Aug 2017 17:21:22 +0200
Subject: [PATCH 2/2] fix RSA - wycheproof "wrong length"
---
 src/pk/asn1/der/sequence/der_decode_sequence_ex.c | 7 ++++++-
 src/pk/dh/dh_import.c | 2 +-
 src/pk/dsa/dsa_decrypt_key.c | 4 ++--
 src/pk/dsa/dsa_import.c | 7 ++++---
 src/pk/ecc/ecc_decrypt_key.c | 4 ++--
 src/pk/ecc/ecc_import.c | 6 +++---
 src/pk/rsa/rsa_import.c | 7 ++++---
 7 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/src/pk/asn1/der/sequence/der_decode_sequence_ex.c b/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
index 9addfa5..8a6755e 100644
--- a/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
+++ b/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
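Review bot: The retry re-points siginfo[0] at a one-element digestinfo but leaves siginfo[1] exactly as the first, failed der_decode_sequence() left it, so whatever that call updated in the OCTET STRING entry is carried into the second decode; re-issuing `LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen);` just before the retry makes the fallback independent of how far the first attempt got. Whether der_decode_sequence() touches list entries on failure is not visible in the hunk, so that is a hedge. The comment `/* fallback to Legacy:missing NULL */` does not tell a reader what is being tolerated or why a second, more permissive decode is acceptable; something like `/* some legacy signers omit the NULL parameter in the AlgorithmIdentifier; retry with a one-element DigestInfo so der_length_sequence() below measures the same layout */` would. rsa_verify_hash_ex's body continues on both sides of the hunk.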
@@ -310,7 +310,12 @@ int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen,
 goto LBL_ERR;
 }
 }
- err = CRYPT_OK;
+
+ if (inlen == 0) {
+ err = CRYPT_OK;
+ } else {
+ err = CRYPT_PK_INVALID_SIZE;
+ }
 LBL_ERR:
 return err;
diff --git a/src/pk/dh/dh_import.c b/src/pk/dh/dh_import.c
index 66778eb..c86f2b5 100644
--- a/src/pk/dh/dh_import.c
+++ b/src/pk/dh/dh_import.c
@@ -37,7 +37,7 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key)
 LTC_ASN1_SHORT_INTEGER, 1UL, &version,
 LTC_ASN1_BIT_STRING, 1UL, &flags,
 LTC_ASN1_EOL, 0UL, NULL);
- if (err != CRYPT_OK) {
+ if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
 goto error;
 }
diff --git a/src/pk/dsa/dsa_decrypt_key.c b/src/pk/dsa/dsa_decrypt_key.c
index bee276a..806ef3e 100644
--- a/src/pk/dsa/dsa_decrypt_key.c
+++ b/src/pk/dsa/dsa_decrypt_key.c
@@ -46,8 +46,8 @@ int dsa_decrypt_key(const unsigned char *in, unsigned long inlen,
 /* decode to find out hash */
 LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
-
- if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
+ err = der_decode_sequence(in, inlen, decode, 1);
+ if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
 return err;
 }
diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c
index d71cdd5..5db6963 100644
--- a/src/pk/dsa/dsa_import.c
+++ b/src/pk/dsa/dsa_import.c
@@ -39,9 +39,10 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
 }
 /* try to match the old libtomcrypt format */
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) {
+ err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_EOL, 0UL, NULL);
+
+ if (err == CRYPT_OK || err == CRYPT_PK_INVALID_SIZE) {
 /* private key */
 if (flags[0]) {
 if ((err = der_decode_sequence_multi(in, inlen,
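Review bot: Reporting leftover input as CRYPT_PK_INVALID_SIZE overloads an existing error code, so every caller of this decoder that compares against CRYPT_OK now rejects a well-formed SEQUENCE followed by trailing bytes, and the callers this patch relaxes can no longer tell "valid SEQUENCE plus extra bytes" apart from a genuine size error raised elsewhere during the decode. A dedicated return code for the trailing-data case, or an out-parameter carrying the number of bytes consumed, would keep the two conditions distinct and leave the strict-vs-lenient decision to the caller. The new `if (inlen == 0)` also relies on inlen having been reduced as each element was consumed, which happens before the hunk; a comment such as `/* inlen is what remains after all elements were decoded; anything left is trailing data */` would make that dependency visible. der_decode_sequence_ex starts before the hunk.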
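Review bot: Accepting CRYPT_PK_INVALID_SIZE in the `if` means a genuine size error from anything on this decode path is now treated as a successfully parsed key, not only the trailing-data case the commit intends, and after the check `err` may still hold CRYPT_PK_INVALID_SIZE, so unless a later statement reassigns it a key with trailing bytes could be fully populated yet reported as a failure. An explicit `err = CRYPT_OK;` right after the check closes the second gap; the first needs a distinct code for trailing data, or a small helper that maps only that case, rather than a per-call whitelist. The same pattern is introduced in the dsa_decrypt_key.c, dsa_import.c, ecc_decrypt_key.c, ecc_import.c and rsa_import.c hunks of this patch. Whether err is reassigned before dh_import returns is outside the hunk, so that part is a hedge; dh_import's body continues on both sides.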
diff --git a/src/pk/ecc/ecc_decrypt_key.c b/src/pk/ecc/ecc_decrypt_key.c
index e0d3fd3..4a16de9 100644
--- a/src/pk/ecc/ecc_decrypt_key.c
+++ b/src/pk/ecc/ecc_decrypt_key.c
@@ -52,8 +52,8 @@ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
 /* decode to find out hash */
 LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
-
- if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
+ err = der_decode_sequence(in, inlen, decode, 1);
+ if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
 return err;
 }
diff --git a/src/pk/ecc/ecc_import.c b/src/pk/ecc/ecc_import.c
index 7c0afed..034c9bd 100644
--- a/src/pk/ecc/ecc_import.c
+++ b/src/pk/ecc/ecc_import.c
@@ -105,9 +105,9 @@ int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, co
 }
 /* find out what type of key it is */
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_EOL, 0UL, NULL);
+ if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
 goto done;
 }
diff --git a/src/pk/rsa/rsa_import.c b/src/pk/rsa/rsa_import.c
index a6be18d..fbae39b 100644
--- a/src/pk/rsa/rsa_import.c
+++ b/src/pk/rsa/rsa_import.c
@@ -66,9 +66,10 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
 }
 /* not SSL public key, try to match against PKCS #1 standards */
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_INTEGER, 1UL, key->N,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_EOL, 0UL, NULL);
+
+ if (err != CRYPT_OK && err != CRYPT_PK_INVALID_SIZE) {
 goto LBL_ERR;
 }