From: Demi Marie Obenour Date: Thu, 8 Dec 2022 20:24:18 +0000 (-0500) Subject: refactor(auth): partially validate SubjectPublicKeyInfo early X-Git-Tag: baikal/aarch64/sdk5.10~1^2~288^2 X-Git-Url: https://git.baikalelectronics.ru/sdk/?a=commitdiff_plain;h=94c0cfbb82980439003713b8fcb7ae78859be069;p=arm-tf.git refactor(auth): partially validate SubjectPublicKeyInfo early This reduces the likelihood of future problems later. Change-Id: Ia748b6ae31a7a48f17ec7f0fc08310a50cd1b135 Signed-off-by: Demi Marie Obenour
---
diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index 9cccd964d..244f1c95e 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c
@@ -144,7 +144,7 @@ static int cert_parse(void *img, unsigned int img_len)
 {
 int ret, is_critical;
 size_t len;
- unsigned char *p, *end, *crt_end;
+ unsigned char *p, *end, *crt_end, *pk_end;
 mbedtls_asn1_buf sig_alg1, sig_alg2;
 /*
 * The unique ASN.1 DER encoding of [0] EXPLICIT INTEGER { v3(2} }.
@@ -271,9 +271,22 @@ static int cert_parse(void *img, unsigned int img_len)
 if (ret != 0) {
 return IMG_PARSER_ERR_FORMAT;
 }
- pk.len = (p + len) - pk.p;
+ pk_end = p + len;
+ pk.len = pk_end - pk.p;
+
+ ret = mbedtls_asn1_get_tag(&p, pk_end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
+ if (ret != 0) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
 p += len;

+ ret = mbedtls_asn1_get_tag(&p, pk_end, &len, MBEDTLS_ASN1_BIT_STRING);
+ if ((ret != 0) || (p + len != pk_end)) {
+ return IMG_PARSER_ERR_FORMAT;
+ }
+ p = pk_end;
+
 /*
 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
 */
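Review bot: The BIT STRING check at the end of the second hunk validates only the tag and that the length reaches `pk_end`, so a zero-length BIT STRING (no unused-bits octet) or one with a non-zero unused-bits count still passes this early validation. Mbed TLS has a helper for this shape: `ret = mbedtls_asn1_get_bitstring_null(&p, pk_end, &len);` keeps the following `p + len != pk_end` test valid while also requiring the unused-bits octet to be present and zero. The two added steps would also benefit from a short comment each, for example `/* algorithm AlgorithmIdentifier: only the framing is checked here */` before the SEQUENCE read and `/* subjectPublicKey BIT STRING must end exactly at pk_end */` before the second read. cert_parse starts and ends outside the hunk, so whether the key contents are fully parsed later is not visible here.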