From 94beb8e3677a0fc7e79534819679bcbe39444880 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 13 Mar 2021 18:00:55 +0200
Subject: [PATCH] ASN.1: Fix AlgorithmInfo parsing for signatures
Digest is within the DigestInfo SEQUENCE and as such, parsing for it should use the end of that data instead of the end of the decrypted signature as the end point. Fix this in the PKCS #1 and X.509 implementations to avoid accepting invalid digest data that is constructed to get the hash value from after the actual DigestInfo container.
Signed-off-by: Jouni Malinen
---
 src/tls/pkcs1.c | 6 +++---
 src/tls/x509v3.c | 1 -
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index 654c01b76..bbdb0d72d 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -287,7 +287,6 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
 /* Digest ::= OCTET STRING */
 pos = da_end;
- end = decrypted + decrypted_len;
 if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL ||
@@ -310,13 +309,14 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
 os_free(decrypted);
- if (hdr.payload + hdr.length != end) {
+ if (hdr.payload + hdr.length != decrypted + decrypted_len) {
 wpa_printf(MSG_INFO, "PKCS #1: Extra data after signature - reject");
 wpa_hexdump(MSG_DEBUG, "PKCS #1: Extra data", hdr.payload + hdr.length,
- end - hdr.payload - hdr.length);
+ decrypted + decrypted_len - hdr.payload -
+ hdr.length);
 return -1;
 }
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index d2e685cb3..a8944dd2f 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -2070,7 +2070,6 @@ int x509_check_signature(struct x509_certificate *issuer,
 skip_digest_oid: /* Digest ::= OCTET STRING */
 pos = da_end;
- end = data + data_len;
 if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL ||
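Review bot: In the second pkcs1.c hunk the "Extra data" reject branch still runs after `os_free(decrypted);`, and `wpa_hexdump()` is handed `hdr.payload + hdr.length` as its buffer. Assuming hdr.payload points into the decrypted buffer, as the comparison against `decrypted + decrypted_len` suggests, that debug dump reads memory that has already been freed. The buffer should stay alive until the trailing-data check is finished: drop the early free, add `os_free(decrypted);` immediately before `return -1;`, and add it again after the closing `}` of the check. The rewritten condition also evaluates `decrypted` after the free, which the same move resolves. pkcs1_v15_sig_ver() starts and ends outside the hunk, so the remaining exit paths should be checked against the relocated free.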