summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSimon Josefsson <simon@josefsson.org>2006-09-08 13:38:55 +0000
committerSimon Josefsson <simon@josefsson.org>2006-09-08 13:38:55 +0000
commitc03f8dfaa3a3e002963160231e50f4693508f918 (patch)
tree7401edf8e6fbeb1edf36f790806d06acc4cbaf35 /lib
parentc2a4db39bdca37697d197bebc918f872d7c58124 (diff)
downloadgnutls-c03f8dfaa3a3e002963160231e50f4693508f918.tar.gz
Make sure the digestAlgorithm.parameters field is empty, which it has
to be for the hashes we support. Otherwise, the field can encode "garbage" that might be used to make the signature be a perfect cube, similar (but not identical) to Bleichenbacher's Crypto 06 rump session attack.
Diffstat (limited to 'lib')
-rw-r--r--lib/x509/verify.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index fc2f2759a6..a35c599830 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation
*
* Author: Nikos Mavroyanopoulos
*
@@ -505,6 +505,15 @@ decode_ber_digest_info (const gnutls_datum_t * info,
return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
}
+ len = sizeof (str) - 1;
+ result = asn1_read_value (dinfo, "digestAlgorithm.parameters", NULL, &len);
+ if (result != ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
result = asn1_read_value (dinfo, "digest", digest, digest_size);
if (result != ASN1_SUCCESS)
{