diff --git a/os_stub/cryptlib_mbedtls/pk/x509.c b/os_stub/cryptlib_mbedtls/pk/x509.c
index d8fedb005cb..06a57caff4a 100644
--- a/os_stub/cryptlib_mbedtls/pk/x509.c
+++ b/os_stub/cryptlib_mbedtls/pk/x509.c
@@ -712,11 +712,18 @@ bool libspdm_x509_verify_cert_chain(const uint8_t *root_cert, size_t root_cert_l
 &tmp_ptr, cert_chain + cert_chain_length, &asn1_len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
 if (ret != 0) {
+ if (current_cert < cert_chain + cert_chain_length)
+ verify_flag = false;
 break;
 }
 current_cert_len = asn1_len + (tmp_ptr - current_cert);
+ if (current_cert + current_cert_len > cert_chain + cert_chain_length) {
+ verify_flag = false;
+ break;
+ }
+
 if (libspdm_x509_verify_cert(current_cert, current_cert_len, preceding_cert, preceding_cert_len) == false) {
@@ -799,6 +806,9 @@ bool libspdm_x509_get_cert_from_cert_chain(const uint8_t *cert_chain,
 }
 current_cert_len = asn1_len + (tmp_ptr - current_cert);
+ if (current_cert + current_cert_len > cert_chain + cert_chain_length)
+ return false;
+
 current_index++;
 if (current_index == cert_index) {
diff --git a/os_stub/cryptlib_openssl/pk/x509.c b/os_stub/cryptlib_openssl/pk/x509.c
index f74f0f2a1c4..bf82dc7f0fc 100644
--- a/os_stub/cryptlib_openssl/pk/x509.c
+++ b/os_stub/cryptlib_openssl/pk/x509.c
@@ -2074,6 +2074,8 @@ bool libspdm_x509_verify_cert_chain(const uint8_t *root_cert, size_t root_cert_l
 (int *)&asn1_tag, (int *)&obj_class, (long)(cert_chain_length + cert_chain - tmp_ptr));
 if (asn1_tag != V_ASN1_SEQUENCE || ret & OPENSSL_ASN1_ERROR_MASK) {
+ if (current_cert < cert_chain + cert_chain_length)
+ verify_flag = false;
 break;
 }
@@ -2081,6 +2083,10 @@ bool libspdm_x509_verify_cert_chain(const uint8_t *root_cert, size_t root_cert_l
 /* Calculate current_cert length;*/
 current_cert_len = tmp_ptr - current_cert + length;
+ if (current_cert + current_cert_len > cert_chain + cert_chain_length) {
+ verify_flag = false;
+ break;
+ }
 /* Verify current_cert with preceding cert;*/
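Review bot: The overrun guard added in the `@@ -712,11 +712,18 @@` hunk of os_stub/cryptlib_mbedtls/pk/x509.c, `current_cert + current_cert_len > cert_chain + cert_chain_length`, forms the end pointer before it is checked, and current_cert_len is derived from an ASN.1 length read out of the chain being verified. Computing a pointer past the end of the buffer is undefined behaviour in C and can wrap, so the comparison is not a reliable bound on its own; comparing lengths avoids that: `if (current_cert_len > (size_t)(cert_chain + cert_chain_length - current_cert)) {` (assuming current_cert_len is a size_t, its declaration is outside the hunk). The same expression is added in the `@@ -799,6 +806,9 @@` hunk of this file and in the `@@ -2081,6 +2083,10 @@` hunk of the OpenSSL backend. The tag parser called just above may already bound the length against the end pointer, in which case this is defence in depth, but the subtraction form is safe either way.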
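Review bot: libspdm_x509_get_cert_from_cert_chain receives the overrun check only in the mbedTLS backend (`@@ -799,6 +806,9 @@`); both hunks in os_stub/cryptlib_openssl/pk/x509.c are inside libspdm_x509_verify_cert_chain. If the OpenSSL version of this function does not already reject a certificate whose computed length runs past `cert_chain + cert_chain_length`, the two backends will disagree on the same malformed chain, so it is worth confirming and adding the same early `return false;` there. The function body starts and ends outside the hunk.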
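Review bot: The added `if (current_cert < cert_chain + cert_chain_length)` in the OpenSSL `@@ -2074,6 +2074,8 @@` hunk has an unbraced body and no comment, yet it carries the whole trailing-data rule: a parse failure exactly at the end of the buffer ends the loop normally, while one with bytes still left fails verification. Brace the statement and state the rule above `verify_flag = false;`, for example `/* Parse failed before the end of the chain: trailing or malformed data, reject. */`. The same two lines are added at the top of the mbedTLS `@@ -712,11 +712,18 @@` hunk. The enclosing loop begins outside the hunk, so the value verify_flag holds on the normal exit path is not visible here.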
diff --git a/unit_test/test_crypt/x509_verify.c b/unit_test/test_crypt/x509_verify.c
index 7c15a4560ec..be6a73427e5 100644
--- a/unit_test/test_crypt/x509_verify.c
+++ b/unit_test/test_crypt/x509_verify.c
@@ -189,7 +189,7 @@ bool libspdm_validate_crypt_x509(char *Path, size_t len)
 status = libspdm_x509_verify_cert_chain((const uint8_t *)test_ca_cert, test_ca_cert_len, (const uint8_t *)test_ca_cert, test_ca_cert_len + 1);
- if (!status) {
+ if (status) {
 libspdm_my_print("[Fail]\n");
 goto cleanup;
 } else {
diff --git a/unit_test/test_spdm_crypt/test_spdm_crypt.c b/unit_test/test_spdm_crypt/test_spdm_crypt.c
index 59a30dd7ba2..b7ddd1286eb 100644
--- a/unit_test/test_spdm_crypt/test_spdm_crypt.c
+++ b/unit_test/test_spdm_crypt/test_spdm_crypt.c
@@ -468,6 +468,7 @@ void libspdm_test_crypt_spdm_x509_set_cert_certificate_check_ex(void **state)
 false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
 assert_true(status);
+
 status = libspdm_x509_set_cert_certificate_check_ex(file_buffer, file_buffer_size, SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048, SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
@@ -526,6 +527,13 @@ void libspdm_test_crypt_spdm_verify_cert_chain_data_ex(void **state)
 SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
 assert_true(status);
+ status = libspdm_verify_cert_chain_data_ex(file_buffer, file_buffer_size + 1,
+ SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
+ SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
+ true,
+ SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
+ assert_false(status);
+
 status = libspdm_verify_cert_chain_data_ex(file_buffer, file_buffer_size, SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048, SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
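Review bot: The negative case added in the `@@ -526,6 +527,13 @@` hunk passes `file_buffer_size + 1` for a buffer that, as far as the hunk shows, holds only file_buffer_size bytes, so the verifier is told it may read one byte past the data the test owns. The call should be rejected whatever that byte is, but its value is indeterminate and, unless the loader over-allocates, the read would be reported by AddressSanitizer or Valgrind. Copying the chain into a buffer one byte larger with a known trailing byte keeps the test deterministic and clean under sanitizers. The same pattern is added in the `@@ -545,6 +553,13 @@`, `@@ -577,6 +592,14 @@` and `@@ -602,6 +625,14 @@` hunks (the latter two with `data_size + 1`), and the existing call in x509_verify.c does it with `test_ca_cert_len + 1`.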
@@ -545,6 +553,13 @@ void libspdm_test_crypt_spdm_verify_cert_chain_data_ex(void **state)
 SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
 assert_true(status);
+ status = libspdm_verify_cert_chain_data_ex(file_buffer, file_buffer_size + 1,
+ SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
+ SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
+ false,
+ SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
+ assert_false(status);
+
 status = libspdm_verify_cert_chain_data_ex(file_buffer, file_buffer_size, SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256, SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
@@ -577,6 +592,14 @@ void libspdm_test_crypt_spdm_verify_certificate_chain_buffer_ex(void **state)
 SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
 assert_true(status);
+ status = libspdm_verify_certificate_chain_buffer_ex(
+ SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
+ SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
+ data,data_size + 1,
+ true,
+ SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
+ assert_false(status);
+
 status = libspdm_verify_certificate_chain_buffer_ex( SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256, SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
@@ -602,6 +625,14 @@ void libspdm_test_crypt_spdm_verify_certificate_chain_buffer_ex(void **state)
 SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
 assert_true(status);
+ status = libspdm_verify_certificate_chain_buffer_ex(
+ SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
+ SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
+ data,data_size + 1,
+ false,
+ SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
+ assert_false(status);
+
 status = libspdm_verify_certificate_chain_buffer_ex( SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256, SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,