Bound two other cases of PKCS#12 iteration counts. The fuzzer found another place where it could cause a timeout by providing a huge PBKDF2 iteration count. This change bounds another two places where we parse out iteration counts and that's hopefully all of them. BUG=oss-fuzz:9853 Change-Id: I037fa09d2bee79e7435a9d40cbd89c07b4a9d443 Reviewed-on: https://boringssl-review.googlesource.com/30944 Commit-Queue: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/crypto/pkcs8/internal.h b/crypto/pkcs8/internal.h
index 97c86c4..c3302f7 100644
--- a/crypto/pkcs8/internal.h
+++ b/crypto/pkcs8/internal.h

@@ -119,6 +119,10 @@
                             const char *pass, size_t pass_len,
                             const uint8_t *salt, size_t salt_len);
 
+// pkcs12_iterations_acceptable returns one if |iterations| is a reasonable
+// number of PBKDF2 iterations and zero otherwise.
+int pkcs12_iterations_acceptable(uint64_t iterations);
+
 
 #if defined(__cplusplus)
 }  // extern C

diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.c
index 6686cf3..7497b00 100644
--- a/crypto/pkcs8/p5_pbev2.c
+++ b/crypto/pkcs8/p5_pbev2.c

@@ -244,7 +244,7 @@
     return 0;
   }
 
-  if (iterations == 0 || iterations > UINT_MAX) {
+  if (!pkcs12_iterations_acceptable(iterations)) {
     OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT);
     return 0;
   }

diff --git a/crypto/pkcs8/pkcs8.c b/crypto/pkcs8/pkcs8.c
index 3453113..ee25ee2 100644
--- a/crypto/pkcs8/pkcs8.c
+++ b/crypto/pkcs8/pkcs8.c

@@ -268,7 +268,7 @@
     return 0;
   }
 
-  if (iterations == 0 || iterations > UINT_MAX) {
+  if (!pkcs12_iterations_acceptable(iterations)) {
     OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT);
     return 0;
   }

diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c
index c5a0651..dc74d96 100644
--- a/crypto/pkcs8/pkcs8_x509.c
+++ b/crypto/pkcs8/pkcs8_x509.c

@@ -75,6 +75,21 @@
 #include "../internal.h"
 
 
+int pkcs12_iterations_acceptable(uint64_t iterations) {
+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
+  static const uint64_t kIterationsLimit = 2048;
+#else
+  // Windows imposes a limit of 600K. Mozilla say: “so them increasing
+  // maximum to something like 100M or 1G (to have few decades of breathing
+  // room) would be very welcome”[1]. So here we set the limit to 100M.
+  //
+  // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1436873#c14
+  static const uint64_t kIterationsLimit = 100 * 1000000;
+#endif
+
+  return 0 < iterations && iterations <= kIterationsLimit;
+}
+
 // Minor tweak to operation: zero private key data
 static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                    void *exarg) {
@@ -669,22 +684,11 @@
       goto err;
     }
 
-#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-    static const uint64_t kIterationsLimit = 2048;
-#else
-    // Windows imposes a limit of 600K. Mozilla say: “so them increasing
-    // maximum to something like 100M or 1G (to have few decades of breathing
-    // room) would be very welcome”[1]. So here we set the limit to 100M.
-    //
-    // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1436873#c14
-    static const uint64_t kIterationsLimit = 100 * 1000000;
-#endif
-
     // The iteration count is optional and the default is one.
     uint64_t iterations = 1;
     if (CBS_len(&mac_data) > 0) {
       if (!CBS_get_asn1_uint64(&mac_data, &iterations) ||
-          iterations > kIterationsLimit) {
+          !pkcs12_iterations_acceptable(iterations)) {
         OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
         goto err;
       }