From 316d5a982b2534af2238af3560db8fa103a9169a Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Mon, 8 May 2023 06:32:37 +0200 Subject: restrict rsaBITS algorithm name check in speed Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/20898) --- apps/speed.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 8afc9834ba..1d8304f105 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -22,6 +22,8 @@ #define KEM_SECONDS PKEY_SECONDS #define SIG_SECONDS PKEY_SECONDS +#define MAX_ALGNAME_SUFFIX 100 + /* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED @@ -3548,13 +3550,16 @@ skip_hmac: size_t send_secret_len, out_len; size_t rcv_secret_len; unsigned char *out = NULL, *send_secret = NULL, *rcv_secret; - size_t bits; + unsigned int bits; char *name; + char sfx[MAX_ALGNAME_SUFFIX]; OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; int use_params = 0; enum kem_type_t { KEM_RSA = 1, KEM_EC, KEM_X25519, KEM_X448 } kem_type; - if (strncmp(kem_name, "rsa", 3) == 0) + /* no string after rsa permitted: */ + if (strlen(kem_name) < MAX_ALGNAME_SUFFIX + 4 /* rsa+digit */ + && sscanf(kem_name, "rsa%u%s", &bits, sfx) == 1) kem_type = KEM_RSA; else if (strncmp(kem_name, "EC", 2) == 0) kem_type = KEM_EC; @@ -3571,9 +3576,8 @@ skip_hmac: } if (kem_type == KEM_RSA) { - bits = atoi(kem_name + 3); - params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, - &bits); + params[0] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_RSA_BITS, + &bits); use_params = 1; } else if (kem_type == KEM_EC) { name = (char *)(kem_name + 2); @@ -3734,9 +3738,10 @@ skip_hmac: EVP_PKEY_CTX *sig_verify_ctx = NULL; unsigned char md[SHA256_DIGEST_LENGTH]; unsigned char *sig; + char sfx[MAX_ALGNAME_SUFFIX]; size_t md_len = SHA256_DIGEST_LENGTH; size_t max_sig_len, sig_len; - size_t bits; + unsigned int bits; OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; int use_params = 0; @@ -3749,10 +3754,11 @@ skip_hmac: ERR_print_errors(bio_err); } - if (strncmp(sig_name, "rsa", 3) == 0) { - bits = atoi(sig_name + 3); - params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, - &bits); + /* no string after rsa permitted: */ + if (strlen(sig_name) < MAX_ALGNAME_SUFFIX + 4 /* rsa+digit */ + && sscanf(sig_name, "rsa%u%s", &bits, sfx) == 1) { + params[0] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_RSA_BITS, + &bits); use_params = 1; } @@ -3774,7 +3780,7 @@ skip_hmac: if (sig_gen_ctx == NULL) sig_gen_ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), - (strncmp(sig_name, "rsa", 3) == 0) ? "RSA" : sig_name, + use_params == 1 ? "RSA" : sig_name, app_get0_propq()); if (!sig_gen_ctx || EVP_PKEY_keygen_init(sig_gen_ctx) <= 0 @@ -3796,7 +3802,7 @@ skip_hmac: app_get0_propq()); if (sig_sign_ctx == NULL || EVP_PKEY_sign_init(sig_sign_ctx) <= 0 - || (strncmp(sig_name, "rsa", 3) == 0 + || (use_params == 1 && (EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx, RSA_PKCS1_PADDING) <= 0)) || EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, @@ -3822,7 +3828,7 @@ skip_hmac: app_get0_propq()); if (sig_verify_ctx == NULL || EVP_PKEY_verify_init(sig_verify_ctx) <= 0 - || (strncmp(sig_name, "rsa", 3) == 0 + || (use_params == 1 && (EVP_PKEY_CTX_set_rsa_padding(sig_verify_ctx, RSA_PKCS1_PADDING) <= 0))) { BIO_printf(bio_err, -- cgit v1.2.1