From eb250134f899d292d3af450755c4a16b23fe7fcb Mon Sep 17 00:00:00 2001 From: Dave Pate Date: Mon, 7 Jan 2019 15:10:18 -0800 Subject: [PATCH] lib: check internal authentication crypt errors --- lib/ykpiv.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/lib/ykpiv.c b/lib/ykpiv.c index f9ee4a1..8aa2b7a 100644 --- a/lib/ykpiv.c +++ b/lib/ykpiv.c @@ -684,6 +684,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) { uint32_t recv_len = sizeof(data); int sw; ykpiv_rc res; + des_rc drc = DES_OK; des_key* mgm_key = NULL; size_t out_len = 0; @@ -728,7 +729,12 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) { unsigned char *dataptr = apdu.st.data; unsigned char response[8]; out_len = sizeof(response); - des_decrypt(mgm_key, challenge, sizeof(challenge), response, &out_len); + drc = des_decrypt(mgm_key, challenge, sizeof(challenge), response, &out_len); + + if (drc != DES_OK) { + res = YKPIV_AUTHENTICATION_ERROR; + goto Cleanup; + } recv_len = sizeof(data); memset(apdu.raw, 0, sizeof(apdu)); @@ -766,7 +772,13 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) { { unsigned char response[8]; out_len = sizeof(response); - des_encrypt(mgm_key, challenge, sizeof(challenge), response, &out_len); + drc = des_encrypt(mgm_key, challenge, sizeof(challenge), response, &out_len); + + if (drc != DES_OK) { + res = YKPIV_AUTHENTICATION_ERROR; + goto Cleanup; + } + if (memcmp(response, data + 4, 8) == 0) { res = YKPIV_OK; }