"bugant <[email protected]>" identified that a length check was missing when stripping the PKCS padding off cipher blocks, after decryption.
This was causing the token to crash when random numbers where provided for the decryption function (where the pad length for the invalid decrypted block could be larger than the block itself). This patch fixes this behavior for the Common code (Software and ICA tokens), as well as the TPM and CCA token. Signed-off-by: Klaus Heinrich Kiwi <[email protected]> --- usr/lib/pkcs11/cca_stdll/utility.c | 2 ++ usr/lib/pkcs11/common/utility.c | 2 ++ usr/lib/pkcs11/tpm_stdll/utility.c | 2 ++ 3 files changed, 6 insertions(+), 0 deletions(-) diff --git a/usr/lib/pkcs11/cca_stdll/utility.c b/usr/lib/pkcs11/cca_stdll/utility.c index fc7b12d..15f5a3b 100644 --- a/usr/lib/pkcs11/cca_stdll/utility.c +++ b/usr/lib/pkcs11/cca_stdll/utility.c @@ -825,6 +825,8 @@ strip_pkcs_padding( CK_BYTE * ptr, CK_BYTE pad_value; pad_value = ptr[total_len - 1]; + if (pad_value > total_len) + return CKR_ENCRYPTED_DATA_INVALID; // thus, we have 'pad_value' bytes of 'pad_value' appended to the end // diff --git a/usr/lib/pkcs11/common/utility.c b/usr/lib/pkcs11/common/utility.c index 347684b..5e401e9 100755 --- a/usr/lib/pkcs11/common/utility.c +++ b/usr/lib/pkcs11/common/utility.c @@ -1104,6 +1104,8 @@ strip_pkcs_padding( CK_BYTE * ptr, CK_BYTE pad_value; pad_value = ptr[total_len - 1]; + if (pad_value > total_len) + return CKR_ENCRYPTED_DATA_INVALID; // thus, we have 'pad_value' bytes of 'pad_value' appended to the end // diff --git a/usr/lib/pkcs11/tpm_stdll/utility.c b/usr/lib/pkcs11/tpm_stdll/utility.c index 9d6fbcd..ad32fb5 100644 --- a/usr/lib/pkcs11/tpm_stdll/utility.c +++ b/usr/lib/pkcs11/tpm_stdll/utility.c @@ -843,6 +843,8 @@ strip_pkcs_padding( CK_BYTE * ptr, CK_BYTE pad_value; pad_value = ptr[total_len - 1]; + if (pad_value > total_len) + return CKR_ENCRYPTED_DATA_INVALID; // thus, we have 'pad_value' bytes of 'pad_value' appended to the end // -- 1.7.2.3 ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
