Diffstat (limited to 'src/cbor.c')
-rw-r--r--src/cbor.c25
1 files changed, 9 insertions, 16 deletions
diff --git a/src/cbor.c b/src/cbor.c
index 3928325..b30da50 100644
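--- a/src/cbor.c
+++ b/src/cbor.c
@@ -386,7 +386,7 @@ cbor_flatten_vector(cbor_item_t *argv[], size_t argc)
 return (NULL);
 
 for (i = 0; i < argc; i++)
-if (cbor_add_arg(map, i + 1, argv[i]) < 0)
+if (cbor_add_arg(map, (uint8_t)(i + 1), argv[i]) < 0)
 break;
 
 if (i != argc) {
@@ -583,7 +583,9 @@ cbor_encode_extensions(const fido_cred_ext_t *ext)
 }
 }
 if (ext->mask & FIDO_EXT_CRED_PROTECT) {
-if (cbor_add_uint8(item, "credProtect", ext->prot) < 0) {
+if (ext->prot < 0 || ext->prot > UINT8_MAX ||
+cbor_add_uint8(item, "credProtect",
+(uint8_t)ext->prot) < 0) {
 cbor_decref(&item);
 return (NULL);
 }
@@ -634,7 +636,7 @@ cbor_encode_pin_auth(const fido_blob_t *hmac_key, const fido_blob_t *data)
 unsigned int dgst_len;
 
 if ((md = EVP_sha256()) == NULL || HMAC(md, hmac_key->ptr,
-(int)hmac_key->len, data->ptr, (int)data->len, dgst,
+(int)hmac_key->len, data->ptr, data->len, dgst,
 &dgst_len) == NULL || dgst_len != SHA256_DIGEST_LENGTH)
 return (NULL);
 
@@ -696,7 +698,6 @@ cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin,
 fido_blob_t *npe = NULL; /* new pin, encrypted */
 fido_blob_t *ph = NULL; /* pin hash */
 fido_blob_t *phe = NULL; /* pin hash, encrypted */
-int ok = -1;
 
 if ((npe = fido_blob_new()) == NULL ||
 (ph = fido_blob_new()) == NULL ||
@@ -735,8 +736,8 @@ cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin,
 if ((ctx = HMAC_CTX_new()) == NULL ||
 (md = EVP_sha256()) == NULL ||
 HMAC_Init_ex(ctx, key->ptr, (int)key->len, md, NULL) == 0 ||
-HMAC_Update(ctx, npe->ptr, (int)npe->len) == 0 ||
-HMAC_Update(ctx, phe->ptr, (int)phe->len) == 0 ||
+HMAC_Update(ctx, npe->ptr, npe->len) == 0 ||
+HMAC_Update(ctx, phe->ptr, phe->len) == 0 ||
 HMAC_Final(ctx, dgst, &dgst_len) == 0 || dgst_len != 32) {
 fido_log_debug("%s: HMAC", __func__);
 goto fail;
@@ -748,7 +749,6 @@ cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin,
 goto fail;
 }
 
-ok = 0;
 fail:
 fido_blob_free(&npe);
 fido_blob_free(&ph);
@@ -759,13 +759,6 @@ fail:
 HMAC_CTX_free(ctx);
 #endif
 
-if (ok < 0) {
-if (item != NULL) {
-cbor_decref(&item);
-item = NULL;
-}
-}
-
 return (item);
 }
 
@@ -787,7 +780,7 @@ cbor_encode_set_pin_auth(const fido_blob_t *key, const fido_blob_t *pin)
 }
 
 if ((md = EVP_sha256()) == NULL || key->len != 32 || HMAC(md, key->ptr,
-(int)key->len, pe->ptr, (int)pe->len, dgst, &dgst_len) == NULL ||
+(int)key->len, pe->ptr, pe->len, dgst, &dgst_len) == NULL ||
 dgst_len != SHA256_DIGEST_LENGTH) {
 fido_log_debug("%s: HMAC", __func__);
 goto fail;
@@ -1292,7 +1285,7 @@ cbor_decode_cred_authdata(const cbor_item_t *item, int cose_alg,
 }
 
 if (authdata_ext != NULL) {
-if ((authdata->flags & CTAP_AUTHDATA_EXT_DATA) != 0 &&
+if ((authdata->flags & CTAP_AUTHDATA_EXT_DATA) != 0 &&
 decode_extensions(&buf, &len, authdata_ext) < 0)
 return (-1);
 }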
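Review bot: The `(uint8_t)(i + 1)` cast in the cbor_flatten_vector hunk (new line 389) narrows a size_t with no visible bound on `argc`, whereas the credProtect hunk in this same commit range-checks `ext->prot` before its cast. If `argc` could ever exceed UINT8_MAX, the key would wrap and later arguments would be added under colliding or zero map keys instead of the call failing. The start of the function is outside the hunk, so a bound may already exist there; if it does not, add `if (argc > UINT8_MAX) return (NULL);` before the loop. The retained `(int)hmac_key->len` and `(int)key->len` casts in cbor_encode_pin_auth and cbor_encode_change_pin_auth have the same shape, with no length check visible in their hunks, unlike the `key->len != 32` test in cbor_encode_set_pin_auth.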