Implement parameter validation in pk, pkparse and pkwrite

Add checks for null pointers under MBEDTLS_CHECK_PARAMS.

In functions that perform operations with a context, only check if the
context pointer is non-null under MBEDTLS_CHECK_PARAMS. In the default
configuration, unconditionally dereference the context pointer.

In functions that query a context, support NULL as a
pointer-to-context argument, and return the same value as for a
context which has been initialized but not set up.
This commit is contained in:
Gilles Peskine 2018-12-19 00:51:38 +01:00
parent a310b41ebe
commit e97dc60b42
3 changed files with 106 additions and 17 deletions

View file

@ -44,13 +44,18 @@
#include <limits.h> #include <limits.h>
#include <stdint.h> #include <stdint.h>
/* Parameter validation macros based on platform_util.h */
#define PK_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
#define PK_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
/* /*
* Initialise a mbedtls_pk_context * Initialise a mbedtls_pk_context
*/ */
void mbedtls_pk_init( mbedtls_pk_context *ctx ) void mbedtls_pk_init( mbedtls_pk_context *ctx )
{ {
if( ctx == NULL ) PK_VALIDATE( ctx != NULL );
return;
ctx->pk_info = NULL; ctx->pk_info = NULL;
ctx->pk_ctx = NULL; ctx->pk_ctx = NULL;
@ -75,6 +80,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx )
*/ */
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
{ {
PK_VALIDATE( ctx != NULL );
ctx->pk_info = NULL; ctx->pk_info = NULL;
ctx->rs_ctx = NULL; ctx->rs_ctx = NULL;
} }
@ -84,7 +90,8 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
*/ */
void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
{ {
if( ctx == NULL || ctx->pk_info == NULL || PK_VALIDATE( ctx != NULL );
if( ctx->pk_info == NULL ||
ctx->pk_info->rs_free_func == NULL ) ctx->pk_info->rs_free_func == NULL )
{ {
return; return;
@ -128,7 +135,8 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
*/ */
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
{ {
if( ctx == NULL || info == NULL || ctx->pk_info != NULL ) PK_VALIDATE_RET( ctx != NULL );
if( info == NULL || ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
@ -151,7 +159,8 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
mbedtls_rsa_alt_context *rsa_alt; mbedtls_rsa_alt_context *rsa_alt;
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
if( ctx == NULL || ctx->pk_info != NULL ) PK_VALIDATE_RET( ctx != NULL );
if( ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
@ -175,7 +184,6 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
*/ */
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
{ {
/* null or NONE context can't do anything */
if( ctx == NULL || ctx->pk_info == NULL ) if( ctx == NULL || ctx->pk_info == NULL )
return( 0 ); return( 0 );
@ -232,7 +240,11 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
const unsigned char *sig, size_t sig_len, const unsigned char *sig, size_t sig_len,
mbedtls_pk_restart_ctx *rs_ctx ) mbedtls_pk_restart_ctx *rs_ctx )
{ {
if( ctx == NULL || ctx->pk_info == NULL || PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( hash != NULL );
PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 ) pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@ -285,7 +297,11 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len ) const unsigned char *sig, size_t sig_len )
{ {
if( ctx == NULL || ctx->pk_info == NULL ) PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( hash != NULL );
PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ! mbedtls_pk_can_do( ctx, type ) ) if( ! mbedtls_pk_can_do( ctx, type ) )
@ -345,7 +361,11 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_pk_restart_ctx *rs_ctx ) mbedtls_pk_restart_ctx *rs_ctx )
{ {
if( ctx == NULL || ctx->pk_info == NULL || PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( hash != NULL );
PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 ) pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@ -399,7 +419,12 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
unsigned char *output, size_t *olen, size_t osize, unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
if( ctx == NULL || ctx->pk_info == NULL ) PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( input != NULL || ilen == 0 );
PK_VALIDATE_RET( output != NULL || osize == 0 );
PK_VALIDATE_RET( olen != NULL );
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->decrypt_func == NULL ) if( ctx->pk_info->decrypt_func == NULL )
@ -417,7 +442,12 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
unsigned char *output, size_t *olen, size_t osize, unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
if( ctx == NULL || ctx->pk_info == NULL ) PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( input != NULL || ilen == 0 );
PK_VALIDATE_RET( output != NULL || osize == 0 );
PK_VALIDATE_RET( olen != NULL );
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->encrypt_func == NULL ) if( ctx->pk_info->encrypt_func == NULL )
@ -432,8 +462,11 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
*/ */
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
{ {
if( pub == NULL || pub->pk_info == NULL || PK_VALIDATE_RET( pub != NULL );
prv == NULL || prv->pk_info == NULL || PK_VALIDATE_RET( prv != NULL );
if( pub->pk_info == NULL ||
prv->pk_info == NULL ||
prv->pk_info->check_pair_func == NULL ) prv->pk_info->check_pair_func == NULL )
{ {
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@ -469,7 +502,8 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
*/ */
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
{ {
if( ctx == NULL || ctx->pk_info == NULL ) PK_VALIDATE_RET( ctx != NULL );
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->debug_func == NULL ) if( ctx->pk_info->debug_func == NULL )

View file

@ -61,6 +61,12 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
/* Parameter validation macros based on platform_util.h */
#define PK_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
#define PK_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
/* /*
* Load all data from a file into a given buffer. * Load all data from a file into a given buffer.
@ -74,6 +80,10 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
FILE *f; FILE *f;
long size; long size;
PK_VALIDATE_RET( path != NULL );
PK_VALIDATE_RET( buf != NULL );
PK_VALIDATE_RET( n != NULL );
if( ( f = fopen( path, "rb" ) ) == NULL ) if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
@ -124,6 +134,8 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
size_t n; size_t n;
unsigned char *buf; unsigned char *buf;
PK_VALIDATE_RET( ctx != NULL );
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
return( ret ); return( ret );
@ -148,6 +160,8 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
size_t n; size_t n;
unsigned char *buf; unsigned char *buf;
PK_VALIDATE_RET( ctx != NULL );
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
return( ret ); return( ret );
@ -605,6 +619,11 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info; const mbedtls_pk_info_t *pk_info;
PK_VALIDATE_RET( p != NULL );
PK_VALIDATE_RET( *p != NULL );
PK_VALIDATE_RET( end != NULL );
PK_VALIDATE_RET( pk != NULL );
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
@ -1145,11 +1164,16 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
{ {
int ret; int ret;
const mbedtls_pk_info_t *pk_info; const mbedtls_pk_info_t *pk_info;
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
size_t len; size_t len;
mbedtls_pem_context pem; mbedtls_pem_context pem;
#endif
PK_VALIDATE_RET( pk != NULL );
PK_VALIDATE_RET( key != NULL || keylen == 0 );
PK_VALIDATE_RET( pwd != NULL || pwdlen == 0 );
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem ); mbedtls_pem_init( &pem );
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
@ -1360,7 +1384,12 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
size_t len; size_t len;
mbedtls_pem_context pem; mbedtls_pem_context pem;
#endif
PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( key != NULL || keylen == 0 );
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem ); mbedtls_pem_init( &pem );
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */

View file

@ -30,6 +30,7 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/asn1write.h" #include "mbedtls/asn1write.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
@ -54,6 +55,12 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
/* Parameter validation macros based on platform_util.h */
#define PK_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
#define PK_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
/* /*
* RSAPublicKey ::= SEQUENCE { * RSAPublicKey ::= SEQUENCE {
@ -151,6 +158,11 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
int ret; int ret;
size_t len = 0; size_t len = 0;
PK_VALIDATE_RET( p != NULL );
PK_VALIDATE_RET( *p != NULL );
PK_VALIDATE_RET( start != NULL );
PK_VALIDATE_RET( key != NULL );
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) ); MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
@ -173,6 +185,9 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
size_t len = 0, par_len = 0, oid_len; size_t len = 0, par_len = 0, oid_len;
const char *oid; const char *oid;
PK_VALIDATE_RET( key != NULL );
PK_VALIDATE_RET( buf != NULL || size == 0 );
c = buf + size; c = buf + size;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
@ -217,9 +232,14 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{ {
int ret; int ret;
unsigned char *c = buf + size; unsigned char *c;
size_t len = 0; size_t len = 0;
PK_VALIDATE_RET( key != NULL );
PK_VALIDATE_RET( buf != NULL || size == 0 );
c = buf + size;
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
{ {
@ -457,6 +477,9 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, si
unsigned char output_buf[PUB_DER_MAX_BYTES]; unsigned char output_buf[PUB_DER_MAX_BYTES];
size_t olen = 0; size_t olen = 0;
PK_VALIDATE_RET( key != NULL );
PK_VALIDATE_RET( buf != NULL || size == 0 );
if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
sizeof(output_buf) ) ) < 0 ) sizeof(output_buf) ) ) < 0 )
{ {
@ -480,6 +503,9 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_
const char *begin, *end; const char *begin, *end;
size_t olen = 0; size_t olen = 0;
PK_VALIDATE_RET( key != NULL );
PK_VALIDATE_RET( buf != NULL || size == 0 );
if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 ) if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
return( ret ); return( ret );