Commit b7de86d8 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

More checks for length match in rsassa-pss params

parent 3c1e8b53
......@@ -178,7 +178,7 @@ static int x509_get_hash_alg( const x509_buf *alg, md_type_t *md_alg )
if( p == end )
return( 0 );
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 )
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 || len != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end )
......@@ -202,7 +202,7 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
{
int ret;
unsigned char *p;
const unsigned char *end;
const unsigned char *end, *end2;
size_t len;
x509_buf alg_id, alg_params;
......@@ -223,24 +223,41 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
if( p == end )
return( 0 );
/*
* HashAlgorithm
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
{
end2 = p + len;
/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
if( ( ret = x509_get_alg_null( &p, p + len, &alg_id ) ) != 0 )
if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
return( ret );
if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* MaskGenAlgorithm
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
{
end2 = p + len;
/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
if( ( ret = x509_get_alg( &p, p + len, &alg_id, &alg_params ) ) != 0 )
if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
return( ret );
/* Only MFG1 is recognised for now */
......@@ -251,6 +268,10 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
/* Parse HashAlgorithm */
if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
return( ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
......@@ -258,12 +279,20 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
if( p == end )
return( 0 );
/*
* salt_len
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2 ) ) == 0 )
{
/* salt_len */
if( ( ret = asn1_get_int( &p, p + len, salt_len ) ) != 0 )
end2 = p + len;
if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
......@@ -271,12 +300,20 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
if( p == end )
return( 0 );
/*
* trailer_field
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
{
/* trailer_field */
if( ( ret = asn1_get_int( &p, p + len, trailer_field ) ) != 0 )
end2 = p + len;
if( ( ret = asn1_get_int( &p, end2, trailer_field ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment