ASN.1: Fix AlgorithmInfo parsing for signatures
Digest is within the DigestInfo SEQUENCE and as such, parsing for it should use the end of that data instead of the end of the decrypted signature as the end point. Fix this in the PKCS #1 and X.509 implementations to avoid accepting invalid digest data that is constructed to get the hash value from after the actual DigestInfo container. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
ee76493bbd
commit
94beb8e367
2 changed files with 3 additions and 4 deletions
|
@ -287,7 +287,6 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
|||
|
||||
/* Digest ::= OCTET STRING */
|
||||
pos = da_end;
|
||||
end = decrypted + decrypted_len;
|
||||
|
||||
if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
|
||||
hdr.class != ASN1_CLASS_UNIVERSAL ||
|
||||
|
@ -310,13 +309,14 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
|||
|
||||
os_free(decrypted);
|
||||
|
||||
if (hdr.payload + hdr.length != end) {
|
||||
if (hdr.payload + hdr.length != decrypted + decrypted_len) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"PKCS #1: Extra data after signature - reject");
|
||||
|
||||
wpa_hexdump(MSG_DEBUG, "PKCS #1: Extra data",
|
||||
hdr.payload + hdr.length,
|
||||
end - hdr.payload - hdr.length);
|
||||
decrypted + decrypted_len - hdr.payload -
|
||||
hdr.length);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
|
@ -2070,7 +2070,6 @@ int x509_check_signature(struct x509_certificate *issuer,
|
|||
skip_digest_oid:
|
||||
/* Digest ::= OCTET STRING */
|
||||
pos = da_end;
|
||||
end = data + data_len;
|
||||
|
||||
if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
|
||||
hdr.class != ASN1_CLASS_UNIVERSAL ||
|
||||
|
|
Loading…
Reference in a new issue