Diffstat (limited to 'src/cbor.c')
-rw-r--r-- | src/cbor.c | 25 |
1 files changed, 9 insertions, 16 deletions
@@ -386,7 +386,7 @@ cbor_flatten_vector(cbor_item_t *argv[], size_t argc) | |||
386 | return (NULL); | 386 | return (NULL); |
387 | 387 | ||
388 | for (i = 0; i < argc; i++) | 388 | for (i = 0; i < argc; i++) |
389 | if (cbor_add_arg(map, i + 1, argv[i]) < 0) | 389 | if (cbor_add_arg(map, (uint8_t)(i + 1), argv[i]) < 0) |
390 | break; | 390 | break; |
391 | 391 | ||
392 | if (i != argc) { | 392 | if (i != argc) { |
@@ -583,7 +583,9 @@ cbor_encode_extensions(const fido_cred_ext_t *ext) | |||
583 | } | 583 | } |
584 | } | 584 | } |
585 | if (ext->mask & FIDO_EXT_CRED_PROTECT) { | 585 | if (ext->mask & FIDO_EXT_CRED_PROTECT) { |
586 | if (cbor_add_uint8(item, "credProtect", ext->prot) < 0) { | 586 | if (ext->prot < 0 || ext->prot > UINT8_MAX || |
587 | cbor_add_uint8(item, "credProtect", | ||
588 | (uint8_t)ext->prot) < 0) { | ||
587 | cbor_decref(&item); | 589 | cbor_decref(&item); |
588 | return (NULL); | 590 | return (NULL); |
589 | } | 591 | } |
@@ -634,7 +636,7 @@ cbor_encode_pin_auth(const fido_blob_t *hmac_key, const fido_blob_t *data) | |||
634 | unsigned int dgst_len; | 636 | unsigned int dgst_len; |
635 | 637 | ||
636 | if ((md = EVP_sha256()) == NULL || HMAC(md, hmac_key->ptr, | 638 | if ((md = EVP_sha256()) == NULL || HMAC(md, hmac_key->ptr, |
637 | (int)hmac_key->len, data->ptr, (int)data->len, dgst, | 639 | (int)hmac_key->len, data->ptr, data->len, dgst, |
638 | &dgst_len) == NULL || dgst_len != SHA256_DIGEST_LENGTH) | 640 | &dgst_len) == NULL || dgst_len != SHA256_DIGEST_LENGTH) |
639 | return (NULL); | 641 | return (NULL); |
640 | 642 | ||
@@ -696,7 +698,6 @@ cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin, | |||
696 | fido_blob_t *npe = NULL; /* new pin, encrypted */ | 698 | fido_blob_t *npe = NULL; /* new pin, encrypted */ |
697 | fido_blob_t *ph = NULL; /* pin hash */ | 699 | fido_blob_t *ph = NULL; /* pin hash */ |
698 | fido_blob_t *phe = NULL; /* pin hash, encrypted */ | 700 | fido_blob_t *phe = NULL; /* pin hash, encrypted */ |
699 | int ok = -1; | ||
700 | 701 | ||
701 | if ((npe = fido_blob_new()) == NULL || | 702 | if ((npe = fido_blob_new()) == NULL || |
702 | (ph = fido_blob_new()) == NULL || | 703 | (ph = fido_blob_new()) == NULL || |
@@ -735,8 +736,8 @@ cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin, | |||
735 | if ((ctx = HMAC_CTX_new()) == NULL || | 736 | if ((ctx = HMAC_CTX_new()) == NULL || |
736 | (md = EVP_sha256()) == NULL || | 737 | (md = EVP_sha256()) == NULL || |
737 | HMAC_Init_ex(ctx, key->ptr, (int)key->len, md, NULL) == 0 || | 738 | HMAC_Init_ex(ctx, key->ptr, (int)key->len, md, NULL) == 0 || |
738 | HMAC_Update(ctx, npe->ptr, (int)npe->len) == 0 || | 739 | HMAC_Update(ctx, npe->ptr, npe->len) == 0 || |
739 | HMAC_Update(ctx, phe->ptr, (int)phe->len) == 0 || | 740 | HMAC_Update(ctx, phe->ptr, phe->len) == 0 || |
740 | HMAC_Final(ctx, dgst, &dgst_len) == 0 || dgst_len != 32) { | 741 | HMAC_Final(ctx, dgst, &dgst_len) == 0 || dgst_len != 32) { |
741 | fido_log_debug("%s: HMAC", __func__); | 742 | fido_log_debug("%s: HMAC", __func__); |
742 | goto fail; | 743 | goto fail; |
@@ -748,7 +749,6 @@ cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin, | |||
748 | goto fail; | 749 | goto fail; |
749 | } | 750 | } |
750 | 751 | ||
751 | ok = 0; | ||
752 | fail: | 752 | fail: |
753 | fido_blob_free(&npe); | 753 | fido_blob_free(&npe); |
754 | fido_blob_free(&ph); | 754 | fido_blob_free(&ph); |
@@ -759,13 +759,6 @@ fail: | |||
759 | HMAC_CTX_free(ctx); | 759 | HMAC_CTX_free(ctx); |
760 | #endif | 760 | #endif |
761 | 761 | ||
762 | if (ok < 0) { | ||
763 | if (item != NULL) { | ||
764 | cbor_decref(&item); | ||
765 | item = NULL; | ||
766 | } | ||
767 | } | ||
768 | |||
769 | return (item); | 762 | return (item); |
770 | } | 763 | } |
771 | 764 | ||
@@ -787,7 +780,7 @@ cbor_encode_set_pin_auth(const fido_blob_t *key, const fido_blob_t *pin) | |||
787 | } | 780 | } |
788 | 781 | ||
789 | if ((md = EVP_sha256()) == NULL || key->len != 32 || HMAC(md, key->ptr, | 782 | if ((md = EVP_sha256()) == NULL || key->len != 32 || HMAC(md, key->ptr, |
790 | (int)key->len, pe->ptr, (int)pe->len, dgst, &dgst_len) == NULL || | 783 | (int)key->len, pe->ptr, pe->len, dgst, &dgst_len) == NULL || |
791 | dgst_len != SHA256_DIGEST_LENGTH) { | 784 | dgst_len != SHA256_DIGEST_LENGTH) { |
792 | fido_log_debug("%s: HMAC", __func__); | 785 | fido_log_debug("%s: HMAC", __func__); |
793 | goto fail; | 786 | goto fail; |
@@ -1292,7 +1285,7 @@ cbor_decode_cred_authdata(const cbor_item_t *item, int cose_alg, | |||
1292 | } | 1285 | } |
1293 | 1286 | ||
1294 | if (authdata_ext != NULL) { | 1287 | if (authdata_ext != NULL) { |
1295 | if ((authdata->flags & CTAP_AUTHDATA_EXT_DATA) != 0 && | 1288 | if ((authdata->flags & CTAP_AUTHDATA_EXT_DATA) != 0 && |
1296 | decode_extensions(&buf, &len, authdata_ext) < 0) | 1289 | decode_extensions(&buf, &len, authdata_ext) < 0) |
1297 | return (-1); | 1290 | return (-1); |
1298 | } | 1291 | } |
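Review bot: In cbor_flatten_vector the new `(uint8_t)(i + 1)` cast silences the conversion warning but does not bound `argc`, so with more than 255 arguments the map key would wrap and collide with earlier keys instead of failing. The credProtect hunk in this same commit range-checks `ext->prot` before narrowing it, and the same pattern fits here, e.g. `if (argc > UINT8_MAX) return (NULL);` ahead of the loop, unless such a check already exists above the hunk, where the function body is not visible. The remaining `(int)hmac_key->len` in cbor_encode_pin_auth and the `(int)key->len` passed to HMAC_Init_ex are narrowing casts of the same kind with no `INT_MAX` guard visible in their hunks, whereas cbor_encode_set_pin_auth checks `key->len != 32` first.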