fix(auth): reject invalid padding in digests

Digests must not have padding after the SEQUENCE or OCTET STRING.

Change-Id: Id25ab23111781f8c8a97c2c3c8edf1cc4a4384c0
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index d231179f5a374c16f7845556b1dcc377514bcc67..178bbf5f45f1083f4ed97ae323d3f1f1abbea252 100644 (file)
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -170,12 +170,15 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
        size_t len;
        int rc;
 
-       /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
+       /*
+        * Digest info should be an MBEDTLS_ASN1_SEQUENCE
+        * and consume all bytes.
+        */
        p = (unsigned char *)digest_info_ptr;
        end = p + digest_info_len;
        rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
                                  MBEDTLS_ASN1_SEQUENCE);
-       if (rc != 0) {
+       if (rc != 0 || ((size_t)(end - p) != len)) {
                return CRYPTO_ERR_HASH;
        }
 
@@ -195,9 +198,9 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
                return CRYPTO_ERR_HASH;
        }
 
-       /* Hash should be octet string type */
+       /* Hash should be octet string type and consume all bytes */
        rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
-       if (rc != 0) {
+       if ((rc != 0) || ((size_t)(end - p) != len)) {
                return CRYPTO_ERR_HASH;
        }