mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
36cf45ef3b
Previously the length of the SM2 plaintext could be incorrectly calculated. The plaintext length was calculated by taking the ciphertext length and taking off an "overhead" value. The overhead value was assumed to have a "fixed" element of 10 bytes. This is incorrect since in some circumstances it can be more than 10 bytes. Additionally the overhead included the length of two integers C1x and C1y, which were assumed to be the same length as the field size (32 bytes for the SM2 curve). However in some cases these integers can have an additional padding byte when the msb is set, to disambiguate them from negative integers. Additionally the integers can also be less than 32 bytes in length in some cases. If the calculated overhead is incorrect and larger than the actual value this can result in the calculated plaintext length being too small. Applications are likely to allocate buffer sizes based on this and therefore a buffer overrun can occur. CVE-2021-3711 Issue reported by John Ouyang. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
87 lines
2.9 KiB
C
87 lines
2.9 KiB
C
/*
|
|
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
|
* Ported from Ribose contributions from Botan.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#ifndef OSSL_CRYPTO_SM2_H
|
|
# define OSSL_CRYPTO_SM2_H
|
|
# pragma once
|
|
|
|
# include <openssl/opensslconf.h>
|
|
|
|
# if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
|
|
|
|
# include <openssl/ec.h>
|
|
# include "crypto/types.h"
|
|
|
|
int ossl_sm2_key_private_check(const EC_KEY *eckey);
|
|
|
|
/* The default user id as specified in GM/T 0009-2012 */
|
|
# define SM2_DEFAULT_USERID "1234567812345678"
|
|
|
|
int ossl_sm2_compute_z_digest(uint8_t *out,
|
|
const EVP_MD *digest,
|
|
const uint8_t *id,
|
|
const size_t id_len,
|
|
const EC_KEY *key);
|
|
|
|
/*
|
|
* SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
|
|
*/
|
|
ECDSA_SIG *ossl_sm2_do_sign(const EC_KEY *key,
|
|
const EVP_MD *digest,
|
|
const uint8_t *id,
|
|
const size_t id_len,
|
|
const uint8_t *msg, size_t msg_len);
|
|
|
|
int ossl_sm2_do_verify(const EC_KEY *key,
|
|
const EVP_MD *digest,
|
|
const ECDSA_SIG *signature,
|
|
const uint8_t *id,
|
|
const size_t id_len,
|
|
const uint8_t *msg, size_t msg_len);
|
|
|
|
/*
|
|
* SM2 signature generation.
|
|
*/
|
|
int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen,
|
|
unsigned char *sig, unsigned int *siglen,
|
|
EC_KEY *eckey);
|
|
|
|
/*
|
|
* SM2 signature verification.
|
|
*/
|
|
int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen,
|
|
const unsigned char *sig, int siglen,
|
|
EC_KEY *eckey);
|
|
|
|
/*
|
|
* SM2 encryption
|
|
*/
|
|
int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest,
|
|
size_t msg_len, size_t *ct_size);
|
|
|
|
int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size,
|
|
size_t *pt_size);
|
|
|
|
int ossl_sm2_encrypt(const EC_KEY *key,
|
|
const EVP_MD *digest,
|
|
const uint8_t *msg, size_t msg_len,
|
|
uint8_t *ciphertext_buf, size_t *ciphertext_len);
|
|
|
|
int ossl_sm2_decrypt(const EC_KEY *key,
|
|
const EVP_MD *digest,
|
|
const uint8_t *ciphertext, size_t ciphertext_len,
|
|
uint8_t *ptext_buf, size_t *ptext_len);
|
|
|
|
const unsigned char *ossl_sm2_algorithmidentifier_encoding(int md_nid,
|
|
size_t *len);
|
|
# endif /* OPENSSL_NO_SM2 */
|
|
#endif
|