From 423a5d56274a1d343e0d2107dfc4fbf0df2dcca5 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 28 Sep 2021 17:52:08 +0200 Subject: [PATCH] Reject RSASSA-PSS params with negative salt length The `salt_len` member in the struct is of type `ssize_t` because we use negative values for special automatic salt lengths when generating signatures. Not checking this could lead to an integer overflow. The value is assigned to the `len` field of a chunk (`size_t`), which is further used in calculations to check the padding structure and (if that is passed by a matching crafted signature value) eventually a memcpy() that will result in a segmentation fault. Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params") Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification") Fixes: CVE-2021-41990 --- src/libstrongswan/credentials/keys/signature_params.c | 6 +++++- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c index d89bd2c96bb5..837de8443d43 100644 --- a/src/libstrongswan/credentials/keys/signature_params.c +++ b/src/libstrongswan/credentials/keys/signature_params.c @@ -322,7 +322,11 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params) case RSASSA_PSS_PARAMS_SALT_LEN: if (object.len) { - params->salt_len = (size_t)asn1_parse_integer_uint64(object); + params->salt_len = (ssize_t)asn1_parse_integer_uint64(object); + if (params->salt_len < 0) + { + goto end; + } } break; case RSASSA_PSS_PARAMS_TRAILER: diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index f9bd1d314dec..3a775090883e 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -168,7 +168,7 @@ static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this, int i; bool success = FALSE; - if (!params) + if (!params || params->salt_len < 0) { return FALSE; } -- 2.25.1