xmlsec-nss: RSA-OAEP key transport is not implemented #2

lsh123 · 2016-01-28T18:32:29Z

RSA-OAEP is not yet implemented in NSS.

NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=158747

Migrated from: https://bugzilla.gnome.org/show_bug.cgi?id=118629

Due to reading uninitialized memory. gdb says: Assertion failure: dest == NULL || dest->data == NULL, at secasn1e.c:1483 Program received signal SIGABRT, Aborted. 0x00007ffff74748d7 in raise () from /lib64/libc.so.6 (gdb) up lsh123#1 0x00007ffff7475caa in abort () from /lib64/libc.so.6 (gdb) lsh123#2 0x00007fffe57f96ae in PR_Assert (s=0x7fffe1cbf298 "dest == NULL || dest->data == NULL", file=0x7fffe1cbef60 "secasn1e.c", ln=1483) at ../../../../pr/src/io/prlog.c:553 553 abort(); (gdb) lsh123#3 0x00007fffe1cb1941 in SEC_ASN1EncodeItem_Util (poolp=0x0, dest=0x7fffffff95f0, src=0x7fffffff9530, theTemplate=0x7fffe55ae180 <DSA_SignatureTemplate>) at secasn1e.c:1483 1483 PORT_Assert(dest == NULL || dest->data == NULL);

Due to reading uninitialized memory. gdb says: Assertion failure: dest == NULL || dest->data == NULL, at secasn1e.c:1483 Program received signal SIGABRT, Aborted. 0x00007ffff74748d7 in raise () from /lib64/libc.so.6 (gdb) up #1 0x00007ffff7475caa in abort () from /lib64/libc.so.6 (gdb) #2 0x00007fffe57f96ae in PR_Assert (s=0x7fffe1cbf298 "dest == NULL || dest->data == NULL", file=0x7fffe1cbef60 "secasn1e.c", ln=1483) at ../../../../pr/src/io/prlog.c:553 553 abort(); (gdb) #3 0x00007fffe1cb1941 in SEC_ASN1EncodeItem_Util (poolp=0x0, dest=0x7fffffff95f0, src=0x7fffffff9530, theTemplate=0x7fffe55ae180 <DSA_SignatureTemplate>) at secasn1e.c:1483 1483 PORT_Assert(dest == NULL || dest->data == NULL);

Due to reading uninitialized memory. gdb says: Assertion failure: dest == NULL || dest->data == NULL, at secasn1e.c:1483 Program received signal SIGABRT, Aborted. 0x00007ffff74748d7 in raise () from /lib64/libc.so.6 (gdb) up lsh123#1 0x00007ffff7475caa in abort () from /lib64/libc.so.6 (gdb) lsh123#2 0x00007fffe57f96ae in PR_Assert (s=0x7fffe1cbf298 "dest == NULL || dest->data == NULL", file=0x7fffe1cbef60 "secasn1e.c", ln=1483) at ../../../../pr/src/io/prlog.c:553 553 abort(); (gdb) lsh123#3 0x00007fffe1cb1941 in SEC_ASN1EncodeItem_Util (poolp=0x0, dest=0x7fffffff95f0, src=0x7fffffff9530, theTemplate=0x7fffe55ae180 <DSA_SignatureTemplate>) at secasn1e.c:1483 1483 PORT_Assert(dest == NULL || dest->data == NULL);

When building with clang -fsanitize=undefined, ubsan says: x509.c:1750:46: runtime error: shift exponent 64 is too large for 64-bit type 'PRUint64' (aka 'unsigned long') #0 0x444d45 in xmlSecNssASN1IntegerWrite src/nss/x509.c:1750:46 lsh123#1 0x4443ec in xmlSecNssX509IssuerSerialNodeWrite src/nss/x509.c:1259:11 lsh123#2 0x4403ba in xmlSecNssKeyDataX509XmlWrite src/nss/x509.c:769:19 lsh123#3 0x45962a in xmlSecKeyInfoNodeWrite src/keyinfo.c:180:19 lsh123#4 0x480149 in xmlSecDSigCtxProcessKeyInfoNode src/xmldsig.c:807:15 lsh123#5 0x47c774 in xmlSecDSigCtxProcessSignatureNode src/xmldsig.c:506:11 lsh123#6 0x47bfb2 in xmlSecDSigCtxSign src/xmldsig.c:289:11 And indeed shifting a 64bit value by 64 bits happens in practice there as num->len is 9. At the same time (at least in case of the test) in all 3 cases the value that would be shifted is 0. Avoid undefined behavior by simply not shifting if the value is 0 anyway. Testcase: make check-crypto-nss XMLSEC_TEST_NAME="aleksey-xmldsig-01/x509data-sn-test"

When building with clang -fsanitize=undefined, ubsan says: x509.c:1750:46: runtime error: shift exponent 64 is too large for 64-bit type 'PRUint64' (aka 'unsigned long') #0 0x444d45 in xmlSecNssASN1IntegerWrite src/nss/x509.c:1750:46 #1 0x4443ec in xmlSecNssX509IssuerSerialNodeWrite src/nss/x509.c:1259:11 #2 0x4403ba in xmlSecNssKeyDataX509XmlWrite src/nss/x509.c:769:19 #3 0x45962a in xmlSecKeyInfoNodeWrite src/keyinfo.c:180:19 #4 0x480149 in xmlSecDSigCtxProcessKeyInfoNode src/xmldsig.c:807:15 #5 0x47c774 in xmlSecDSigCtxProcessSignatureNode src/xmldsig.c:506:11 #6 0x47bfb2 in xmlSecDSigCtxSign src/xmldsig.c:289:11 And indeed shifting a 64bit value by 64 bits happens in practice there as num->len is 9. At the same time (at least in case of the test) in all 3 cases the value that would be shifted is 0. Avoid undefined behavior by simply not shifting if the value is 0 anyway. Testcase: make check-crypto-nss XMLSEC_TEST_NAME="aleksey-xmldsig-01/x509data-sn-test"

lsh123 · 2022-11-24T04:18:13Z

Done

lsh123 added a commit that referenced this issue Dec 26, 2016

pass #2

0044bc8

vmiklos mentioned this issue Sep 7, 2018

nss: fix undefined behavior due to too large shift #221

Merged

This was referenced Nov 24, 2022

add NSS RSA OAEP support #443

Merged

update docs for RSA OAEP support in xmlsec-nss #444

Merged

lsh123 closed this as completed Nov 24, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

xmlsec-nss: RSA-OAEP key transport is not implemented #2

xmlsec-nss: RSA-OAEP key transport is not implemented #2

lsh123 commented Jan 28, 2016

lsh123 commented Nov 24, 2022

xmlsec-nss: RSA-OAEP key transport is not implemented #2

xmlsec-nss: RSA-OAEP key transport is not implemented #2

Comments

lsh123 commented Jan 28, 2016

lsh123 commented Nov 24, 2022