mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 16:27:27 +00:00
4cbf9d8d2c
CVE-2023-5992: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2023-5992] [https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992] Upstream patches: [https://github.com/OpenSC/OpenSC/pull/2948] [https://github.com/OpenSC/OpenSC/pull/3016] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
76 lines
3.1 KiB
Diff
76 lines
3.1 KiB
Diff
From 0039fe386c996faffaa2cf2d728c176cc239468b Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
|
|
Date: Mon, 5 Feb 2024 13:33:05 +0100
|
|
Subject: [PATCH 10/10] Fix constant-time comparison of negative values
|
|
|
|
Thanks Coverity CID 414687
|
|
|
|
CVE: CVE-2023-5992
|
|
Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/pull/3016]
|
|
|
|
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
|
|
---
|
|
src/common/constant-time.h | 6 ++++++
|
|
src/minidriver/minidriver.c | 4 ++--
|
|
src/pkcs11/framework-pkcs15.c | 4 ++--
|
|
3 files changed, 10 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/common/constant-time.h b/src/common/constant-time.h
|
|
index 40c3e500c..3f4446d4d 100644
|
|
--- a/src/common/constant-time.h
|
|
+++ b/src/common/constant-time.h
|
|
@@ -125,4 +125,10 @@ constant_time_eq_s(size_t a, size_t b)
|
|
return constant_time_is_zero_s(a ^ b);
|
|
}
|
|
|
|
+static constant_inline unsigned int
|
|
+constant_time_eq_i(int a, int b)
|
|
+{
|
|
+ return constant_time_eq((unsigned int)a, (unsigned int)b);
|
|
+}
|
|
+
|
|
#endif /* CONSTANT_TIME_H */
|
|
diff --git a/src/minidriver/minidriver.c b/src/minidriver/minidriver.c
|
|
index 37e576ba2..e2be9e53d 100644
|
|
--- a/src/minidriver/minidriver.c
|
|
+++ b/src/minidriver/minidriver.c
|
|
@@ -4590,7 +4590,7 @@ DWORD WINAPI CardRSADecrypt(__in PCARD_DATA pCardData,
|
|
logprintf(pCardData, 2, "sc_pkcs15_decipher: stripping PKCS1 padding\n");
|
|
r = sc_pkcs1_strip_02_padding_constant_time(vs->ctx, prkey_info->modulus_length / 8, pbuf2, pInfo->cbData, pbuf2, &temp);
|
|
pInfo->cbData = (DWORD) temp;
|
|
- wrong_padding = constant_time_eq_s(r, SC_ERROR_WRONG_PADDING);
|
|
+ wrong_padding = constant_time_eq_i(r, SC_ERROR_WRONG_PADDING);
|
|
/* continue without returning error to not leak that padding is wrong
|
|
to prevent time side-channel leak for Marvin attack*/
|
|
}
|
|
@@ -4640,7 +4640,7 @@ DWORD WINAPI CardRSADecrypt(__in PCARD_DATA pCardData,
|
|
goto err;
|
|
}
|
|
|
|
- good = constant_time_eq_s(r, 0);
|
|
+ good = constant_time_eq_i(r, 0);
|
|
/* if no error or padding error, do not return here to prevent Marvin attack */
|
|
if (!(good | wrong_padding) && r < 0) {
|
|
logprintf(pCardData, 2, "sc_pkcs15_decipher error(%i): %s\n", r, sc_strerror(r));
|
|
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
|
|
index 8376057ea..8b0a63b10 100644
|
|
--- a/src/pkcs11/framework-pkcs15.c
|
|
+++ b/src/pkcs11/framework-pkcs15.c
|
|
@@ -4433,11 +4433,11 @@ pkcs15_prkey_decrypt(struct sc_pkcs11_session *session, void *obj,
|
|
|
|
/* only padding error must be handled in constant-time way,
|
|
* other error can be returned straight away */
|
|
- if ((~constant_time_eq_s(rv, SC_ERROR_WRONG_PADDING) & constant_time_lt_s(sizeof(decrypted), rv)))
|
|
+ if ((~constant_time_eq_i(rv, SC_ERROR_WRONG_PADDING) & constant_time_lt_s(sizeof(decrypted), (size_t)rv)))
|
|
return sc_to_cryptoki_error(rv, "C_Decrypt");
|
|
|
|
/* check rv for padding error */
|
|
- good = ~constant_time_eq_s(rv, SC_ERROR_WRONG_PADDING);
|
|
+ good = ~constant_time_eq_i(rv, SC_ERROR_WRONG_PADDING);
|
|
rv_pkcs11 = sc_to_cryptoki_error(SC_ERROR_WRONG_PADDING, "C_Decrypt");
|
|
rv_pkcs11 = constant_time_select_s(good, CKR_OK, rv_pkcs11);
|
|
|
|
--
|
|
2.50.0
|
|
|