yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 03:25:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix for pkcs12 with NULL or zero length password

Browse Source 
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2021-11-11 19:00:38 +00:00
parent 18a59b7d4c
commit fe724fe618
3 changed files with 31 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.d/fix-pkcs12-null-password.txt Normal file
View File

@ -0,0 +1,2 @@
Bugfix
* Fix issues in pkcs12 when a NULL and/or zero length password was supplied.

22
include/mbedtls/pkcs12.h
View File

@ -79,11 +79,13 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
* \brief PKCS12 Password Based function (encryption / decryption) * \brief PKCS12 Password Based function (encryption / decryption)
* for cipher-based and mbedtls_md-based PBE's * for cipher-based and mbedtls_md-based PBE's
* *
* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
* \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or
* MBEDTLS_PKCS12_PBE_DECRYPT
* \param cipher_type the cipher used * \param cipher_type the cipher used
* \param md_type the mbedtls_md used * \param md_type the mbedtls_md used
* \param pwd the password used (may be NULL if no password is used) * \param pwd Latin1-encoded password used (may be NULL if no password is
* used, but not if pwdlen is non-zero)
* \param pwdlen length of the password (may be 0) * \param pwdlen length of the password (may be 0)
* \param input the input data * \param input the input data
* \param len data length * \param len data length
@ -108,14 +110,16 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
* integrity key. * integrity key.
* *
* \param data buffer to store the derived data in * \param data buffer to store the derived data in
* \param datalen length to fill * \param datalen length of buffer to fill
* \param pwd password to use (may be NULL if no password is used) * \param pwd Null terminated BMPString password to use (may be NULL if
* no password is used, but not if pwdlen is non-zero)
* \param pwdlen length of the password (may be 0) * \param pwdlen length of the password (may be 0)
* \param salt salt buffer to use * \param salt salt buffer to use
* \param saltlen length of the salt * \param saltlen length of the salt
* \param mbedtls_md mbedtls_md type to use during the derivation * \param mbedtls_md mbedtls_md type to use during the derivation
* \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY, * \param id id that describes the purpose (can be
* MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY) * MBEDTLS_PKCS12_DERIVE_KEY, MBEDTLS_PKCS12_DERIVE_IV or
* MBEDTLS_PKCS12_DERIVE_MAC_KEY)
* \param iterations number of iterations * \param iterations number of iterations
* *
* \return 0 if successful, or a MD, BIGNUM type error. * \return 0 if successful, or a MD, BIGNUM type error.

21
library/pkcs12.c
View File

@ -179,6 +179,9 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_context_t cipher_ctx; mbedtls_cipher_context_t cipher_ctx;
size_t olen = 0; size_t olen = 0;
if( pwd == NULL && pwdlen != 0 )
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
cipher_info = mbedtls_cipher_info_from_type( cipher_type ); cipher_info = mbedtls_cipher_info_from_type( cipher_type );
if( cipher_info == NULL ) if( cipher_info == NULL )
return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
@ -231,13 +234,18 @@ static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
unsigned char *p = data; unsigned char *p = data;
size_t use_len; size_t use_len;
while( data_len > 0 ) if( filler != NULL && fill_len != 0 )
{ {
use_len = ( data_len > fill_len ) ? fill_len : data_len; while( data_len > 0 )
memcpy( p, filler, use_len ); {
p += use_len; use_len = ( data_len > fill_len ) ? fill_len : data_len;
data_len -= use_len; memcpy( p, filler, use_len );
p += use_len;
data_len -= use_len;
}
} }
else
memset( data, 0, data_len );
} }
int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
@ -263,6 +271,9 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
if( datalen > 128 || pwdlen > 64 || saltlen > 64 ) if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
if( pwd == NULL && pwdlen != 0 )
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
md_info = mbedtls_md_info_from_type( md_type ); md_info = mbedtls_md_info_from_type( md_type );
if( md_info == NULL ) if( md_info == NULL )
return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );