signature-params: Properly handle MGF1 algorithm identifier without parameters

Credit to OSS-Fuzz.

Fixes: CVE-2018-6459

diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c
index 6b4d22e7b2cd94af3bba57eea40324134809306b..8f42fb940f6b47d6d293bf07b0ffe55646875be3 100644 (file)
--- a/src/libstrongswan/credentials/keys/signature_params.c
+++ b/src/libstrongswan/credentials/keys/signature_params.c
@@ -280,13 +280,17 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params)
                        case RSASSA_PSS_PARAMS_MGF_ALG:
                                if (object.len)
                                {
-                                       chunk_t hash;
+                                       chunk_t hash = chunk_empty;
 
                                        alg = asn1_parse_algorithmIdentifier(object, level, &hash);
                                        if (alg != OID_MGF1)
                                        {
                                                goto end;
                                        }
+                                       if (!hash.len)
+                                       {
+                                               goto end;
+                                       }
                                        alg = asn1_parse_algorithmIdentifier(hash, level+1, NULL);
                                        params->mgf1_hash = hasher_algorithm_from_oid(alg);
                                        if (params->mgf1_hash == HASH_UNKNOWN)