git.ipfire.org Git - thirdparty/strongswan.git/commit
pkcs11: Improve detection of already unwrapped CKA_EC_POINTs 2872-pkcs11-ecpoint
author Tobias Brunner <tobias@strongswan.org>
Thu, 21 Aug 2025 08:24:37 +0000 (10:24 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 21 Aug 2025 08:56:20 +0000 (10:56 +0200)
commit 619ccbdbafa326b54e5d998b2f1b271936c080b1
tree 3fd6d0443c01ac00ca6474e7aa25a897c3b48f03
parent 2560146204f81da1a3f2c6dd2aa38f681ac05758
pkcs11: Improve detection of already unwrapped CKA_EC_POINTs

If an uncompressed point is already unwrapped (incorrect but some tokens/
modules do this) and therefore still looks like an ASN.1 octet string,
there could be false positives with the previous checks that lead to
mangled points.

By ensuring that we unwrapped the complete ASN.1 chunk, we can already
reduce the false positive rate when the assumed length is smaller than
the chunk, which we previously accepted but isn't the case in correctly
encoded points.

And while we already checked that the first byte indicates a valid point
type/encoding, there could still be false positives.  We can avoid those
with some checks on the length of the unwrapped point.  In particular,
enforcing a multiple of 4/8 should fail for valid unwrapped points where
three bytes were removed in the process (ASN.1 tag and length, point
encoding).
src/libstrongswan/plugins/pkcs11/pkcs11_library.c
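
The checks the commit message describes, as an added C sketch; this is not strongSwan's code from pkcs11_library.c. The function names, the restriction to uncompressed points, and reading the length rule as "the X||Y bytes are a multiple of 4" are assumptions, and the sample buffers are constructed filler.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns 1 and points *pt at the inner point if buf is a complete DER
 * OCTET STRING around a plausible uncompressed point; otherwise returns 0
 * and passes buf through unchanged (treated as already unwrapped). */
int ec_point_unwrap(const uint8_t *buf, size_t len,
                    const uint8_t **pt, size_t *pt_len)
{
    size_t hdr = 2, inner;
    *pt = buf;
    *pt_len = len;
    if (len < 3 || buf[0] != 0x04)          /* 0x04 = OCTET STRING tag */
        return 0;
    if (buf[1] < 0x80) {
        inner = buf[1];                     /* short-form length */
    } else if (buf[1] == 0x81) {
        inner = buf[2];                     /* long form, one length byte */
        hdr = 3;
    } else {
        return 0;
    }
    if (inner < 2 || hdr + inner != len)    /* must span the whole chunk */
        return 0;
    if (buf[hdr] != 0x04)                   /* uncompressed point marker */
        return 0;
    if ((inner - 1) % 4 != 0)               /* X||Y length, assumed rule */
        return 0;
    *pt = buf + hdr;
    *pt_len = inner;
    return 1;
}

/* Constructed 32-byte-coordinate samples (filler bytes, not a real key).
 * second = byte after the leading 0x04: 0x41 is a real DER length for a
 * 67-byte wrapped point; 0x3f and 0x21 are X bytes of raw 65-byte points
 * that merely look like lengths. Returns +len if unwrapped, -len if not. */
int classify_sample(uint8_t second)
{
    uint8_t buf[67];
    const uint8_t *pt;
    size_t n;

    memset(buf, 0xAB, sizeof(buf));
    buf[0] = 0x04; buf[1] = second; buf[2] = 0x04;
    return ec_point_unwrap(buf, second == 0x41 ? 67 : 65, &pt, &n)
           ? (int)n : -(int)n;
}
```

The `0x21` sample is rejected only by the whole-chunk check, and the `0x3f` sample only by the length check: removing the tag, length and encoding bytes from a raw 65-byte point leaves 62 coordinate bytes, which is not a multiple of 4.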