Fix for pkcs12 with NULL or zero length password

Previously passing a NULL or zero length password into either mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate loop, and it was also possible to pass a NULL password, with a non-zero length, which would cause memory corruption. I have fixed these errors, and improved the documentation to reflect the changes and further explain what is expected of the inputs. Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-11-26 01:05:40 +01:00 · 2021-11-11 19:00:38 +00:00 · 2021-11-11 19:00:38 +00:00 · fe724fe618
commit fe724fe618
parent 18a59b7d4c
3 changed files with 31 additions and 14 deletions
--- a/ChangeLog.d/fix-pkcs12-null-password.txt
+++ b/ChangeLog.d/fix-pkcs12-null-password.txt
@ -0,0 +1,2 @@
+Bugfix
+   * Fix issues in pkcs12 when a NULL and/or zero length password was supplied.
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@ -79,11 +79,13 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
 * \brief            PKCS12 Password Based function (encryption / decryption)
 *                   for cipher-based and mbedtls_md-based PBE's
 *
- * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
- * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or
+ *                   MBEDTLS_PKCS12_PBE_DECRYPT
 * \param cipher_type the cipher used
- * \param md_type     the mbedtls_md used
- * \param pwd        the password used (may be NULL if no password is used)
+ * \param md_type    the mbedtls_md used
+ * \param pwd        Latin1-encoded password used (may be NULL if no password is
+ *                   used, but not if pwdlen is non-zero)
 * \param pwdlen     length of the password (may be 0)
 * \param input      the input data
 * \param len        data length
@ -108,14 +110,16 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
 *                   integrity key.
 *
 * \param data       buffer to store the derived data in
- * \param datalen    length to fill
- * \param pwd        password to use (may be NULL if no password is used)
+ * \param datalen    length of buffer to fill
+ * \param pwd        Null terminated BMPString password to use (may be NULL if
+ *                   no password is used, but not if pwdlen is non-zero)
 * \param pwdlen     length of the password (may be 0)
 * \param salt       salt buffer to use
 * \param saltlen    length of the salt
- * \param mbedtls_md         mbedtls_md type to use during the derivation
- * \param id         id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
- *                   MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
+ * \param mbedtls_md mbedtls_md type to use during the derivation
+ * \param id         id that describes the purpose (can be
+ *                   MBEDTLS_PKCS12_DERIVE_KEY, MBEDTLS_PKCS12_DERIVE_IV or
+ *                   MBEDTLS_PKCS12_DERIVE_MAC_KEY)
 * \param iterations number of iterations
 *
 * \return          0 if successful, or a MD, BIGNUM type error.
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@ -179,6 +179,9 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
    mbedtls_cipher_context_t cipher_ctx;
    size_t olen = 0;

+    if( pwd == NULL && pwdlen != 0 )
+        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+
    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
    if( cipher_info == NULL )
        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
@ -231,13 +234,18 @@ static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
    unsigned char *p = data;
    size_t use_len;

-    while( data_len > 0 )
+    if( filler != NULL && fill_len != 0 )
    {
-        use_len = ( data_len > fill_len ) ? fill_len : data_len;
-        memcpy( p, filler, use_len );
-        p += use_len;
-        data_len -= use_len;
+        while( data_len > 0 )
+        {
+            use_len = ( data_len > fill_len ) ? fill_len : data_len;
+            memcpy( p, filler, use_len );
+            p += use_len;
+            data_len -= use_len;
+        }
    }
+    else
+        memset( data, 0, data_len );
 }

 int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
@ -263,6 +271,9 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
    if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );

+    if( pwd == NULL && pwdlen != 0 )
+        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+
    md_info = mbedtls_md_info_from_type( md_type );
    if( md_info == NULL )
        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );