mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
signature-params: Reject RSASSA-PSS params that result in negative salt len
The `salt_len` member in the struct is of type `ssize_t` because we use
negative values for special automatic salt lengths when generating
signatures. This change ensures that `salt_len` will not overflow the
`len` fields of chunks (`size_t`), which could lead to integer overflows
when validating signatures (see the next commit).
Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params")
This commit is contained in:
Tobias Brunner
parent
2403154f95
commit
03fbceb3f5
@ -322,7 +322,11 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params)
|
||||
case RSASSA_PSS_PARAMS_SALT_LEN:
|
||||
if (object.len)
|
||||
{
|
||||
params->salt_len = (size_t)asn1_parse_integer_uint64(object);
|
||||
params->salt_len = (ssize_t)asn1_parse_integer_uint64(object);
|
||||
if (params->salt_len < 0)
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case RSASSA_PSS_PARAMS_TRAILER:
|
||||
|
||||
@ -111,6 +111,12 @@ chunk_t rsa_pss_parse_invalid_tests[] = {
|
||||
/* too long trailer */
|
||||
chunk_from_chars(0x30,0x13,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x06,
|
||||
0xa3,0x04,0x02,0x02,0x01,0x01),
|
||||
/* invalid salt causing a negative value */
|
||||
chunk_from_chars(0x30,0x4d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x40,0xa0,
|
||||
0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
|
||||
0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
|
||||
0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x0a,
|
||||
0x02,0x08,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xa3,0x03,0x02,0x01,0x01),
|
||||
};
|
||||
|
||||
START_TEST(test_rsa_pss_params_parse_invalid)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user