From 11587f5bf0bb9e621edd4c867c0bc942d804d1ce Mon Sep 17 00:00:00 2001 From: Evgeny Margolis Date: Sat, 7 May 2022 04:52:02 -0700 Subject: [PATCH] Added CanCastTo() Macros in the OpenSSL Crypto Library Implementation. (#18161) * Added CanCastTo() Macros in the OpenSSL Crypto Library Implementation. * fixed typo --- src/crypto/CHIPCryptoPALOpenSSL.cpp | 30 +++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/src/crypto/CHIPCryptoPALOpenSSL.cpp b/src/crypto/CHIPCryptoPALOpenSSL.cpp index 5dcb11024ae4a4..8c59ffeae96ca7 100644 --- a/src/crypto/CHIPCryptoPALOpenSSL.cpp +++ b/src/crypto/CHIPCryptoPALOpenSSL.cpp @@ -512,6 +512,7 @@ CHIP_ERROR HMAC_sha::HMAC_SHA256(const uint8_t * key, size_t key_length, const u HMAC_CTX * mac_ctx = HMAC_CTX_new(); VerifyOrExit(mac_ctx != nullptr, error = CHIP_ERROR_INTERNAL); + VerifyOrExit(CanCastTo(key_length), error = CHIP_ERROR_INVALID_ARGUMENT); error_openssl = HMAC_Init_ex(mac_ctx, Uint8::to_const_uchar(key), static_cast(key_length), EVP_sha256(), nullptr); VerifyOrExit(error_openssl == 1, error = CHIP_ERROR_INTERNAL); @@ -1112,8 +1113,9 @@ P256Keypair::~P256Keypair() CHIP_ERROR P256Keypair::NewCertificateSigningRequest(uint8_t * out_csr, size_t & csr_length) { ERR_clear_error(); - CHIP_ERROR error = CHIP_NO_ERROR; - int result = 0; + CHIP_ERROR error = CHIP_NO_ERROR; + int result = 0; + int csr_length_local = 0; X509_REQ * x509_req = X509_REQ_new(); EVP_PKEY * evp_pkey = nullptr; @@ -1152,6 +1154,10 @@ CHIP_ERROR P256Keypair::NewCertificateSigningRequest(uint8_t * out_csr, size_t & result = X509_REQ_sign(x509_req, evp_pkey, EVP_sha256()); VerifyOrExit(result > 0, error = CHIP_ERROR_INTERNAL); + csr_length_local = i2d_X509_REQ(x509_req, nullptr); + VerifyOrExit(csr_length_local >= 0, error = CHIP_ERROR_INTERNAL); + VerifyOrExit(CanCastTo(csr_length_local), error = CHIP_ERROR_BUFFER_TOO_SMALL); + VerifyOrExit(static_cast(csr_length_local) <= csr_length, error = CHIP_ERROR_BUFFER_TOO_SMALL); csr_length = static_cast(i2d_X509_REQ(x509_req, &out_csr)); exit: @@ -1530,11 +1536,11 @@ CHIP_ERROR ValidateCertificateChain(const uint8_t * rootCertificate, size_t root result = CertificateChainValidationResult::kInternalFrameworkError; - VerifyOrReturnError(rootCertificate != nullptr && rootCertificateLen != 0, + VerifyOrReturnError(rootCertificate != nullptr && rootCertificateLen != 0 && CanCastTo(rootCertificateLen), (result = CertificateChainValidationResult::kRootArgumentInvalid, CHIP_ERROR_INVALID_ARGUMENT)); - VerifyOrReturnError(caCertificate != nullptr && caCertificateLen != 0, + VerifyOrReturnError(caCertificate != nullptr && caCertificateLen != 0 && CanCastTo(caCertificateLen), (result = CertificateChainValidationResult::kICAArgumentInvalid, CHIP_ERROR_INVALID_ARGUMENT)); - VerifyOrReturnError(leafCertificate != nullptr && leafCertificateLen != 0, + VerifyOrReturnError(leafCertificate != nullptr && leafCertificateLen != 0 && CanCastTo(leafCertificateLen), (result = CertificateChainValidationResult::kLeafArgumentInvalid, CHIP_ERROR_INVALID_ARGUMENT)); store = X509_STORE_new(); @@ -1592,7 +1598,9 @@ CHIP_ERROR IsCertificateValidAtIssuance(const ByteSpan & referenceCertificate, c ASN1_TIME * tbeNotAfterTime = nullptr; int result = 0; - VerifyOrReturnError(!referenceCertificate.empty() && !toBeEvaluatedCertificate.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!referenceCertificate.empty() && CanCastTo(referenceCertificate.size()) && + !toBeEvaluatedCertificate.empty() && CanCastTo(toBeEvaluatedCertificate.size()), + CHIP_ERROR_INVALID_ARGUMENT); x509ReferenceCertificate = d2i_X509(nullptr, &pReferenceCertificate, static_cast(referenceCertificate.size())); VerifyOrExit(x509ReferenceCertificate != nullptr, error = CHIP_ERROR_NO_MEMORY); @@ -1629,7 +1637,7 @@ CHIP_ERROR IsCertificateValidAtCurrentTime(const ByteSpan & certificate) ASN1_TIME * time = nullptr; int result = 0; - VerifyOrReturnError(!certificate.empty(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(!certificate.empty() && CanCastTo(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT); x509Certificate = d2i_X509(nullptr, &pCertificate, static_cast(certificate.size())); VerifyOrExit(x509Certificate != nullptr, error = CHIP_ERROR_NO_MEMORY); @@ -1665,6 +1673,8 @@ CHIP_ERROR ExtractPubkeyFromX509Cert(const ByteSpan & certificate, Crypto::P256P unsigned char ** ppPubkey = &pPubkey; int pkeyLen; + VerifyOrReturnError(!certificate.empty() && CanCastTo(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT); + x509certificate = d2i_X509(nullptr, ppCertificate, static_cast(certificate.size())); VerifyOrExit(x509certificate != nullptr, err = CHIP_ERROR_NO_MEMORY); @@ -1695,13 +1705,15 @@ CHIP_ERROR ExtractKIDFromX509Cert(bool isSKID, const ByteSpan & certificate, Mut const unsigned char ** ppCertificate = &pCertificate; const ASN1_OCTET_STRING * kidString = nullptr; + VerifyOrReturnError(!certificate.empty() && CanCastTo(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT); + x509certificate = d2i_X509(nullptr, ppCertificate, static_cast(certificate.size())); VerifyOrExit(x509certificate != nullptr, err = CHIP_ERROR_NO_MEMORY); kidString = isSKID ? X509_get0_subject_key_id(x509certificate) : X509_get0_authority_key_id(x509certificate); VerifyOrExit(kidString != nullptr, err = CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrExit(kidString->length <= static_cast(kid.size()), err = CHIP_ERROR_BUFFER_TOO_SMALL); VerifyOrExit(CanCastTo(kidString->length), err = CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrExit(static_cast(kidString->length) <= kid.size(), err = CHIP_ERROR_BUFFER_TOO_SMALL); memcpy(kid.data(), kidString->data, static_cast(kidString->length)); @@ -1738,6 +1750,8 @@ CHIP_ERROR ExtractVIDPIDFromX509Cert(const ByteSpan & certificate, AttestationCe int x509EntryCountIdx = 0; AttestationCertVidPid vidpidFromCN; + VerifyOrReturnError(!certificate.empty() && CanCastTo(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT); + x509certificate = d2i_X509(nullptr, &pCertificate, static_cast(certificate.size())); VerifyOrExit(x509certificate != nullptr, err = CHIP_ERROR_NO_MEMORY);