X.509: Fix internal TLS/X.509 validation of PKCS#1 signature

Verify that there is no extra data after the hash field. This is needed
to avoid potential attacks using additional data to construct a value
that passes the RSA operation and allows the hash value to be forged.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2014-05-19 23:25:38 +03:00 committed by Jouni Malinen
parent e90d955f7c
commit 9c29d48725

@ -1783,6 +1783,15 @@ skip_digest_oid:
return -1; return -1;
} }
if (hdr.payload + hdr.length < data + data_len) {
wpa_hexdump(MSG_INFO,
"X509: Extra data after certificate signature hash",
hdr.payload + hdr.length,
data + data_len - hdr.payload - hdr.length);
os_free(data);
return -1;
}
os_free(data); os_free(data);
wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with " wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
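Review bot: The new condition `hdr.payload + hdr.length < data + data_len` only rejects the case where the hash field ends before the end of the decrypted buffer; consider comparing with `!=` so that any mismatch between the end of the hash and the end of `data` is rejected in one place, unless the earlier ASN.1 parsing (not visible in this hunk) already guarantees the field cannot run past `data + data_len`. The added block also has no comment, so the reason for the check lives only in the commit message; a short comment above the `if` stating that trailing bytes after the hash must be rejected to prevent forged signature values would help the next reader. The cleanup `os_free(data); return -1;` is repeated here as in the preceding error path, so a shared failure label would reduce the chance of a future path missing the free.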