diff options
| author | wtc%google.com <devnull@localhost> | 2012-04-05 21:14:22 +0000 |
|---|---|---|
| committer | wtc%google.com <devnull@localhost> | 2012-04-05 21:14:22 +0000 |
| commit | a628f164c4a4e3ca0fb2678aadcd36e6b3dea3a0 (patch) | |
| tree | 0fbe9f51dd0a18085fa7e14079ec5ddd84466235 | |
| parent | bec0c262154cdd0d873575af163e2587c58b2ecb (diff) | |
| download | nss-hg-a628f164c4a4e3ca0fb2678aadcd36e6b3dea3a0.tar.gz | |
Bug 715073: Use an alternative ASN.1 template that allows RSA modulus to beNSS_3_13_4_BETA2
zero length if a secret key disguised as an RSA key cannot be decoded.
This allows us to decode secret keys that have an improperly encoded
modulus (a zero-length integer). The patch is partially contributed by
Kaspar Brand <mozbugzilla@velox.ch>. r=Kaspar Brand.
Modified Files:
Tag: NSS_3_13_4_BRANCH
keydb.c lowkey.c lowkeyti.h
| -rw-r--r-- | security/nss/lib/softoken/legacydb/keydb.c | 29 | ||||
| -rw-r--r-- | security/nss/lib/softoken/legacydb/lowkey.c | 18 | ||||
| -rw-r--r-- | security/nss/lib/softoken/legacydb/lowkeyti.h | 1 |
3 files changed, 48 insertions, 0 deletions
diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c index 6cd0a2f00..ce5bf7e00 100644 --- a/security/nss/lib/softoken/legacydb/keydb.c +++ b/security/nss/lib/softoken/legacydb/keydb.c @@ -1790,6 +1790,35 @@ seckey_decrypt_private_key(SECItem*epki, rv = SEC_QuickDERDecodeItem(permarena, pk, lg_nsslowkey_RSAPrivateKeyTemplate, &newPrivateKey); + if (rv == SECSuccess) { + break; + } + /* Try decoding with the alternative template, but only allow + * a zero-length modulus for a secret key object. + * See bug 715073. + */ + rv = SEC_QuickDERDecodeItem(permarena, pk, + lg_nsslowkey_RSAPrivateKeyTemplate2, + &newPrivateKey); + /* A publicExponent of 0 is the defining property of a secret + * key disguised as an RSA key. When decoding with the + * alternative template, only accept a secret key with an + * improperly encoded modulus and a publicExponent of 0. + */ + if (rv == SECSuccess) { + if (pk->u.rsa.modulus.len == 2 && + pk->u.rsa.modulus.data[0] == SEC_ASN1_INTEGER && + pk->u.rsa.modulus.data[1] == 0 && + pk->u.rsa.publicExponent.len == 1 && + pk->u.rsa.publicExponent.data[0] == 0) { + /* Fix the zero-length integer by setting it to 0. */ + pk->u.rsa.modulus.data = pk->u.rsa.publicExponent.data; + pk->u.rsa.modulus.len = pk->u.rsa.publicExponent.len; + } else { + PORT_SetError(SEC_ERROR_BAD_DER); + rv = SECFailure; + } + } break; case SEC_OID_ANSIX9_DSA_SIGNATURE: pk->keyType = NSSLOWKEYDSAKey; diff --git a/security/nss/lib/softoken/legacydb/lowkey.c b/security/nss/lib/softoken/legacydb/lowkey.c index 28a7ac94c..ca8a4907c 100644 --- a/security/nss/lib/softoken/legacydb/lowkey.c +++ b/security/nss/lib/softoken/legacydb/lowkey.c @@ -97,6 +97,24 @@ const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate[] = { { 0 } }; +/* + * Allows u.rsa.modulus to be zero length for secret keys with an empty + * CKA_ID incorrectly generated in NSS 3.13.3 or earlier. Only used for + * decoding. See bug 715073. + */ +const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) }, + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.version) }, + { SEC_ASN1_ANY, offsetof(NSSLOWKEYPrivateKey,u.rsa.modulus) }, + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.publicExponent) }, + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.privateExponent) }, + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime1) }, + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime2) }, + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent1) }, + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent2) }, + { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.coefficient) }, + { 0 } +}; const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) }, diff --git a/security/nss/lib/softoken/legacydb/lowkeyti.h b/security/nss/lib/softoken/legacydb/lowkeyti.h index 2e2cdf0c9..27dff2033 100644 --- a/security/nss/lib/softoken/legacydb/lowkeyti.h +++ b/security/nss/lib/softoken/legacydb/lowkeyti.h @@ -72,6 +72,7 @@ typedef struct NSSLOWKEYDBHandleStr NSSLOWKEYDBHandle; */ extern const SEC_ASN1Template lg_nsslowkey_PQGParamsTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate[]; +extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[]; extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[]; |