From a8c8c5ef2a8f5a27772eb708f2201429dd8d32b2 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demiobenour@gmail.com>
Date: Thu, 8 Dec 2022 15:24:10 -0500
Subject: [PATCH] fix(auth): reject padding after BIT STRING in signatures

It is forbidden by ASN.1 DER.

Change-Id: Id8a48e14bb8a1a17a6481ea3fde0803723c05e31
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
 drivers/auth/mbedtls/mbedtls_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 178bbf5f4..42a09255d 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -115,7 +115,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 	end = (unsigned char *)(p + sig_len);
 	signature.tag = *p;
 	rc = mbedtls_asn1_get_bitstring_null(&p, end, &signature.len);
-	if (rc != 0) {
+	if ((rc != 0) || ((size_t)(end - p) != signature.len)) {
 		rc = CRYPTO_ERR_SIGNATURE;
 		goto end1;
 	}
-- 
2.39.5