lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

pem: check data padding in DES/AES decrypted buffers

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
2024-02-12 11:01:37 +01:00
parent 4ade8ee5b9
commit 095e1ac71c
2 changed files with 44 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
library/pem.c
View File

@ -241,6 +241,28 @@ exit:
} }
#endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)
static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len)
{
size_t pad_len = input[input_len - 1];
size_t i;
if (pad_len > input_len) {
return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
}
*data_len = input_len - pad_len;
for (i = *data_len; i < input_len; i++) {
if (input[i] != pad_len) {
return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
}
}
return 0;
}
#endif /* MBEDTLS_DES_C || MBEDTLS_AES_C */
#endif /* PEM_RFC1421 */ #endif /* PEM_RFC1421 */
int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer, int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer,
@ -431,21 +453,36 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
return ret; return ret;
} }
/* Check PKCS padding and update data length based on padding info.
* This can be used to detect invalid padding data and password
* mismatches. */
ret = pem_check_pkcs_padding(buf, len, &len);
if (ret != 0) {
mbedtls_free(buf);
return ret;
}
/* /*
* The result will be ASN.1 starting with a SEQUENCE tag. Parse it * In RFC1421 PEM is used as container for DER (ASN.1) content so we
* with ASN.1 functions in order to: * can use ASN.1 functions to parse the main SEQUENCE tag and to get its
* - Have an heuristic guess about password mismatches. * length.
* - Update len variable to the amount of valid data inside buf.
*/ */
unsigned char *p = buf; unsigned char *p = buf;
ret = mbedtls_asn1_get_tag(&p, buf + len, &len, size_t sequence_len;
ret = mbedtls_asn1_get_tag(&p, buf + len, &sequence_len,
MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED); MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED);
if (ret != 0) { if (ret != 0) {
mbedtls_free(buf); mbedtls_free(buf);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
} }
/* Add also the sequence block (tag + len) to the total amount of valid data. */ /* Add also the sequence block (tag + len) to the total amount of valid data. */
len += (p - buf); sequence_len += (p - buf);
/* Ensure that the reported SEQUENCE length matches the data len (i.e. no
* trailing garbage data). */
if (len != sequence_len) {
return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
}
#else #else
mbedtls_zeroize_and_free(buf, len); mbedtls_zeroize_and_free(buf, len);
return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;

2
tests/suites/test_suite_pkparse.data
View File

@ -8,7 +8,7 @@ pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0
Parse RSA Key #3 (Wrong password) Parse RSA Key #3 (Wrong password)
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PEM_BAD_INPUT_DATA
Parse RSA Key #4 (DES Encrypted) Parse RSA Key #4 (DES Encrypted)
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC