blob: b7118ba1fb4092eb53321492e7b314a887f0bfd7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
From 423a5d56274a1d343e0d2107dfc4fbf0df2dcca5 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 28 Sep 2021 17:52:08 +0200
Subject: [PATCH] Reject RSASSA-PSS params with negative salt length
The `salt_len` member in the struct is of type `ssize_t` because we use
negative values for special automatic salt lengths when generating
signatures.
Not checking this could lead to an integer overflow. The value is assigned
to the `len` field of a chunk (`size_t`), which is further used in
calculations to check the padding structure and (if that is passed by a
matching crafted signature value) eventually a memcpy() that will result
in a segmentation fault.
Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params")
Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification")
Fixes: CVE-2021-41990
Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2021-41990]
CVE: CVE-2021-41990
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
---
src/libstrongswan/credentials/keys/signature_params.c | 6 +++++-
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c
index d89bd2c96bb5..837de8443d43 100644
--- a/src/libstrongswan/credentials/keys/signature_params.c
+++ b/src/libstrongswan/credentials/keys/signature_params.c
@@ -322,7 +322,11 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params)
case RSASSA_PSS_PARAMS_SALT_LEN:
if (object.len)
{
- params->salt_len = (size_t)asn1_parse_integer_uint64(object);
+ params->salt_len = (ssize_t)asn1_parse_integer_uint64(object);
+ if (params->salt_len < 0)
+ {
+ goto end;
+ }
}
break;
case RSASSA_PSS_PARAMS_TRAILER:
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index f9bd1d314dec..3a775090883e 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -168,7 +168,7 @@ static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this,
int i;
bool success = FALSE;
- if (!params)
+ if (!params || params->salt_len < 0)
{
return FALSE;
}
--
2.25.1
|
