Skip to content

Commit a0edf71

Browse files
sameehjsameehj
committed
fixes
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
1 parent 2728d3d commit a0edf71

File tree

1 file changed

+8
-35
lines changed

1 file changed

+8
-35
lines changed

wolfcrypt/src/pkcs7.c

Lines changed: 8 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -1180,54 +1180,25 @@ int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz)
11801180
}
11811181

11821182
/* verify extracted public key is valid before storing */
1183-
#ifndef WC_RSA_PSS
11841183
ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, (int)dCert->keyOID,
11851184
dCert->publicKey, dCert->pubKeySize);
1186-
#else
1187-
/* For RSAPSSk, cert parser may store key in a form that fails
1188-
* wc_RsaPublicKeyDecode; skip decode check and rely on size/copy below */
1189-
if (dCert->keyOID != RSAPSSk)
1190-
ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, (int)dCert->keyOID,
1191-
dCert->publicKey, dCert->pubKeySize);
1192-
#endif
11931185
if (ret != 0) {
11941186
WOLFSSL_MSG("Invalid public key, check pkcs7->cert");
11951187
FreeDecodedCert(dCert);
11961188
WC_FREE_VAR_EX(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT);
11971189
return ret;
11981190
}
11991191

1200-
if (dCert->serialSz > MAX_SN_SZ) {
1201-
WOLFSSL_MSG("Invalid size in certificate");
1202-
FreeDecodedCert(dCert);
1203-
WC_FREE_VAR_EX(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT);
1204-
return ASN_PARSE_E;
1205-
}
1206-
#ifdef WC_RSA_PSS
1207-
if (dCert->keyOID != RSAPSSk &&
1208-
dCert->pubKeySize > (MAX_RSA_INT_SZ + MAX_RSA_E_SZ)) {
1209-
WOLFSSL_MSG("Invalid size in certificate");
1210-
FreeDecodedCert(dCert);
1211-
WC_FREE_VAR_EX(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT);
1212-
return ASN_PARSE_E;
1213-
}
1214-
#else
1215-
if (dCert->pubKeySize > (MAX_RSA_INT_SZ + MAX_RSA_E_SZ)) {
1192+
if (dCert->pubKeySize > (MAX_RSA_INT_SZ + MAX_RSA_E_SZ) ||
1193+
dCert->serialSz > MAX_SN_SZ) {
12161194
WOLFSSL_MSG("Invalid size in certificate");
12171195
FreeDecodedCert(dCert);
12181196
WC_FREE_VAR_EX(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT);
12191197
return ASN_PARSE_E;
12201198
}
1221-
#endif
12221199

1223-
/* For RSAPSSk, cert parser may report larger pubKeySize; copy only what fits */
1224-
{
1225-
word32 copySz = dCert->pubKeySize;
1226-
if (copySz > (MAX_RSA_INT_SZ + MAX_RSA_E_SZ))
1227-
copySz = (MAX_RSA_INT_SZ + MAX_RSA_E_SZ);
1228-
XMEMCPY(pkcs7->publicKey, dCert->publicKey, copySz);
1229-
pkcs7->publicKeySz = copySz;
1230-
}
1200+
XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
1201+
pkcs7->publicKeySz = dCert->pubKeySize;
12311202
pkcs7->publicKeyOID = dCert->keyOID;
12321203
/* Do not derive publicKeyOID from cert signatureOID: the cert's
12331204
* signature is how the cert was signed by its issuer; the signer
@@ -5507,10 +5478,13 @@ static int wc_PKCS7_ParseSignerInfo(wc_PKCS7* pkcs7, byte* in, word32 inSz,
55075478
#if defined(WC_RSA_PSS) && !defined(NO_RSA)
55085479
if ((word32)sigOID == (word32)CTC_RSASSAPSS &&
55095480
paramTag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
5510-
word32 tlvLen = (word32)((int)idx - (int)paramsStart) +
5481+
word32 tlvLen = (idx - paramsStart) +
55115482
(word32)paramLen;
55125483
enum wc_HashType pssHash = WC_HASH_TYPE_SHA;
55135484
int pssMgfVal = 0, pssSalt = 0;
5485+
if (paramsStart + tlvLen > (word32)inSz) {
5486+
return ASN_PARSE_E;
5487+
}
55145488
ret = wc_DecodeRsaPssParams(in + paramsStart, tlvLen,
55155489
&pssHash, &pssMgfVal,
55165490
&pssSalt);
@@ -5520,7 +5494,6 @@ static int wc_PKCS7_ParseSignerInfo(wc_PKCS7* pkcs7, byte* in, word32 inSz,
55205494
pkcs7->pssMgf = pssMgfVal;
55215495
}
55225496
else {
5523-
/* Missing or unsupported PSS params: fail parse per RFC 4055 */
55245497
WOLFSSL_MSG("RSASSA-PSS parameters invalid - failing parse");
55255498
return ASN_PARSE_E;
55265499
}

0 commit comments

Comments
 (0)