fix: harden sm verification and pem stdin handling
Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1468 Signed-off-by: Dongjianwei001 <dongjianwei1@huawei.com>
+2
-2
@@ -271,7 +271,7 @@ static int32_t VerifyHMAC(AppProvider *provider, int32_t macId, const uint8_t *d
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (calcHmacLen != hmacLen || memcmp(calculatedHmac, hmac, hmacLen) != 0) {
|
||||
if (calcHmacLen != hmacLen || ConstTimeMemcmp(calculatedHmac, hmac, hmacLen) == 0) {
|
||||
AppPrintError("HMAC verify failed.\n");
|
||||
return HITLS_APP_INTEGRITY_VERIFY_FAIL;
|
||||
}
|
||||
@@ -407,7 +407,7 @@ static int32_t VerifyPassword(AppProvider *provider, UserInfo *userInfo, char *p
|
||||
return HITLS_APP_INFO_CMP_FAIL;
|
||||
}
|
||||
|
||||
if (memcmp(derivedKey, userInfo->userParam.dKey, userInfo->userParam.dKeyLen) != 0) {
|
||||
if (ConstTimeMemcmp(derivedKey, userInfo->userParam.dKey, userInfo->userParam.dKeyLen) == 0) {
|
||||
BSL_SAL_CleanseData(derivedKey, HITLS_APP_SM_DKEY_LEN);
|
||||
AppPrintError("Admin verification failed.\n");
|
||||
return HITLS_APP_PASSWD_FAIL;
|
||||
|
||||
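Review bot: In VerifyPassword the constant-time comparison is bounded by `userInfo->userParam.dKeyLen`, while the cleanse on the following line uses `HITLS_APP_SM_DKEY_LEN`, so the compared length comes from the stored user record rather than from the size of `derivedKey` (presumably `HITLS_APP_SM_DKEY_LEN` bytes). The function starts outside the hunk, so an earlier length check cannot be ruled out; if there is none, a record with a shorter or zero `dKeyLen` is verified on a prefix only and a longer one reads past `derivedKey`. Prepending `userInfo->userParam.dKeyLen != HITLS_APP_SM_DKEY_LEN ||` to the condition would close that gap. Both call sites, here and in VerifyHMAC, also treat a return of 0 as a mismatch, the opposite of `memcmp`; assuming that is the helper's contract, a comment such as `/* ConstTimeMemcmp returns 0 when the buffers differ */` at each site would keep a later reader from flipping the test back.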
@@ -672,10 +672,9 @@ static int32_t ReadPemByUioSymbol(BSL_UIO *memUio, BSL_UIO *rUio, BSL_PEM_Symbol
|
||||
if ((BSL_UIO_Gets(rUio, buf, &lineLen) != BSL_SUCCESS) || (lineLen == 0)) {
|
||||
break;
|
||||
}
|
||||
ret = BSL_UIO_Ctrl(rUio, BSL_UIO_GET_READ_NUM, sizeof(int64_t), &dataLen);
|
||||
if (ret != BSL_SUCCESS || dataLen > APP_FILE_MAX_SIZE) {
|
||||
int32_t ctrlRet = BSL_UIO_Ctrl(rUio, BSL_UIO_GET_READ_NUM, sizeof(int64_t), &dataLen);
|
||||
if (ctrlRet != BSL_SUCCESS || dataLen > APP_FILE_MAX_SIZE) {
|
||||
AppPrintError("The maximum file size is %zukb.\n", APP_FILE_MAX_SIZE_KB);
|
||||
ret = HITLS_APP_UIO_FAIL;
|
||||
break;
|
||||
}
|
||||
if (!hasHead) {
|
||||
@@ -691,7 +690,7 @@ static int32_t ReadPemByUioSymbol(BSL_UIO *memUio, BSL_UIO *rUio, BSL_PEM_Symbol
|
||||
}
|
||||
// Check whether it is the tail.
|
||||
if (strncmp(buf, symbol->tail, strlen(symbol->tail)) == 0) {
|
||||
if (BSL_UIO_Write(memUio, (const uint8_t *)buf, lineLen + 1, &writeMemLen) != BSL_SUCCESS ||
|
||||
if (BSL_UIO_Write(memUio, (const uint8_t *)buf, lineLen + 1, &writeMemLen) == BSL_SUCCESS &&
|
||||
writeMemLen == lineLen + 1) {
|
||||
ret = HITLS_APP_SUCCESS;
|
||||
}
|
||||
|
||||
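Review bot: The tail branch of ReadPemByUioSymbol now assigns `ret` only when `BSL_UIO_Write` succeeds and writes `lineLen + 1` bytes, so a failed or short write to `memUio` leaves `ret` at whatever it held before and prints nothing. With the read-count result now kept in `ctrlRet`, that earlier value is set outside the hunk, and the function is only correct if `ret` is initialised to a failure code before the loop. An explicit `else { ret = HITLS_APP_UIO_FAIL; }` after the success branch would make the failure path visible at the point where it happens. The loop body continues outside both hunks, so the initialisation and the exit after the tail line cannot be confirmed from here.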