X.509: Fix internal TLS/X.509 validation of PKCS#1 signature
Verify that there is no extra data after the hash field. This is needed to avoid potential attacks using additional data to construct a value that passes the RSA operation and allows the hash value to be forged. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
e90d955f7c
commit
9c29d48725
1 changed files with 9 additions and 0 deletions
|
@ -1783,6 +1783,15 @@ skip_digest_oid:
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (hdr.payload + hdr.length < data + data_len) {
|
||||||
|
wpa_hexdump(MSG_INFO,
|
||||||
|
"X509: Extra data after certificate signature hash",
|
||||||
|
hdr.payload + hdr.length,
|
||||||
|
data + data_len - hdr.payload - hdr.length);
|
||||||
|
os_free(data);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
os_free(data);
|
os_free(data);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
|
wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
|
||||||
|
|
Loading…
Reference in a new issue