mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 23:35:32 +00:00
More length checks in RSA PKCS1v15 verify
Added one check that I'd missed, and made the style more uniform.
This commit is contained in:
parent
0e17eb05f8
commit
e7e7650480
|
@ -1389,27 +1389,28 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
||||||
end = p + len;
|
end = p + len;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
|
* Parse the ASN.1 structure inside the PKCS#1 v1.5 structure.
|
||||||
|
* Insist on 2-byte length tags, to protect against variants of
|
||||||
|
* Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification.
|
||||||
*/
|
*/
|
||||||
p0 = p;
|
p0 = p;
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
|
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
|
||||||
if( p != p0 + 2 || asn1_len + 2 != len )
|
if( p != p0 + 2 || asn1_len + 2 != len )
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
|
||||||
|
p0 = p;
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
|
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
if( p != p0 + 2 || asn1_len + 6 + hashlen != len )
|
||||||
if( p != p0 + 4 || asn1_len + 6 + hashlen != len )
|
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
|
||||||
|
p0 = p;
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
|
if( ( ret = mbedtls_asn1_get_tag( &p, end, &oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
if( p != p0 + 2 )
|
||||||
if( p != p0 + 6 )
|
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
|
||||||
oid.p = p;
|
oid.p = p;
|
||||||
|
@ -1424,13 +1425,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
||||||
/*
|
/*
|
||||||
* assume the algorithm parameters must be NULL
|
* assume the algorithm parameters must be NULL
|
||||||
*/
|
*/
|
||||||
|
p0 = p;
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_NULL ) ) != 0 )
|
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_NULL ) ) != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
if( p != p0 + 2 )
|
||||||
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
|
||||||
p0 = p;
|
p0 = p;
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
|
||||||
if( p != p0 + 2 || asn1_len != hashlen )
|
if( p != p0 + 2 || asn1_len != hashlen )
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue