authorSimon Josefsson <simon@josefsson.org>2006-09-08 13:38:55 +0000
committerSimon Josefsson <simon@josefsson.org>2006-09-08 13:38:55 +0000
commitc03f8dfaa3a3e002963160231e50f4693508f918 (patch)
tree7401edf8e6fbeb1edf36f790806d06acc4cbaf35
parentc2a4db39bdca37697d197bebc918f872d7c58124 (diff)
downloadgnutls-c03f8dfaa3a3e002963160231e50f4693508f918.tar.gz
Make sure the digestAlgorithm.parameters field is empty, which it has
to be for the hashes we support. Otherwise, the field can encode "garbage" that might be used to make the signature be a perfect cube, similar (but not identical) to Bleichenbacher's Crypto 06 rump session attack.
-rw-r--r--lib/x509/verify.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index fc2f2759a6..a35c599830 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation
*
* Author: Nikos Mavroyanopoulos
*
@@ -505,6 +505,15 @@ decode_ber_digest_info (const gnutls_datum_t * info,
return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
}
+ len = sizeof (str) - 1;
+ result = asn1_read_value (dinfo, "digestAlgorithm.parameters", NULL, &len);
+ if (result != ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
result = asn1_read_value (dinfo, "digest", digest, digest_size);
if (result != ASN1_SUCCESS)
{