openpgp: Oss-fuzz fixes #3219
Merged
openpgp: Oss-fuzz fixes #3219
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When generating RSA key pair using PKCS#15 init, the driver could accept responses relevant to ECC keys, which made further processing in the pkcs15-init failing/accessing invalid parts of structures. Thanks oss-fuzz! https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71010 Signed-off-by: Jakub Jelen <[email protected]>
Jakuje
changed the title
Fix also surrounding code to return error (not just log it) when some step fails. Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70933 Signed-off-by: Jakub Jelen <[email protected]>
xhanulik
reviewed
Aug 15, 2024
src/libopensc/card-openpgp.c
Outdated
| r = SC_ERROR_OUT_OF_MEMORY; | ||
| LOG_TEST_GOTO_ERR(card->ctx, r, "Cannot find blob 00C5"); | ||
| } | ||
| if (20 * key_info->key_id > fpseq_blob->len) { |
Member
There was a problem hiding this comment.
This check covers line p = newdata + 20 * (key_info->key_id - 1);, but memcpy(p, fingerprint, 20); is accessing another 20 bytes.
Member
Author
There was a problem hiding this comment.
That is the reason why there is not the - 1 in the condition -- to account for the additional 20 bytes.
Member
Author
There was a problem hiding this comment.
Turns out the windows compilers are not happy about this signed/unsigned comparison so this is something I will have to fix too.
Member
Author
There was a problem hiding this comment.
ugh ... all of these are unsigned on any sane platform. Unless the 20* would covert the u8 to signed or the u8 would be signed on windows. Any ideas?
card-openpgp.c(2788): error C2220: warning treated as error - no 'object' file generated
card-openpgp.c(2788): warning C4018: '>': signed/unsigned mismatch
Member
There was a problem hiding this comment.
not sure, isn't maybe 20 (when not 20U) considered to by signed?
Member
Author
There was a problem hiding this comment.
Seems like it helped. So lets wait for the CI to finish.
This avoids buffer overrun later when the further processing assumes the length is a field length Signed-off-by: Jakub Jelen <[email protected]>
xhanulik
approved these changes
Aug 16, 2024
frankmorgner
approved these changes
Aug 19, 2024
Member
Author
|
Thank you for reviews! Merging. |
13 tasks
dangowrt
added a commit
to dangowrt/packages
that referenced
this pull request
Apr 26, 2025
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC#openwrt#3248)
Signed-off-by: Daniel Golle <[email protected]>
dangowrt
added a commit
to dangowrt/packages
that referenced
this pull request
Apr 26, 2025
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC#openwrt#3248)
Signed-off-by: Daniel Golle <[email protected]>
dangowrt
added a commit
to dangowrt/packages
that referenced
this pull request
Apr 26, 2025
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC#openwrt#3248)
Signed-off-by: Daniel Golle <[email protected]>
dangowrt
added a commit
to openwrt/packages
that referenced
this pull request
Apr 27, 2025
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC##3248)
Signed-off-by: Daniel Golle <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When generating RSA key pair using PKCS#15 init, the driver could accept responses relevant to ECC keys, which made further processing in the pkcs15-init failing/accessing invalid parts of structures.
and
Avoid buffer overflow when writing fingerprint
Thanks oss-fuzz!
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71010
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70933
Checklist