signature-params: Reject RSASSA-PSS params that result in negative salt len

The `salt_len` member in the struct is of type `ssize_t` because we use
negative values for special automatic salt lengths when generating
signatures.  This change ensures that `salt_len` will not overflow the
`len` fields of chunks (`size_t`), which could lead to integer overflows
when validating signatures (see the next commit).

Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params")

diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c
index d89bd2c96bb53b0323c69167ece8b62596032add..837de8443d439470e1b93044103646f5d2df95c3 100644 (file)
--- a/src/libstrongswan/credentials/keys/signature_params.c
+++ b/src/libstrongswan/credentials/keys/signature_params.c
@@ -322,7 +322,11 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params)
                        case RSASSA_PSS_PARAMS_SALT_LEN:
                                if (object.len)
                                {
-                                       params->salt_len = (size_t)asn1_parse_integer_uint64(object);
+                                       params->salt_len = (ssize_t)asn1_parse_integer_uint64(object);
+                                       if (params->salt_len < 0)
+                                       {
+                                               goto end;
+                                       }
                                }
                                break;
                        case RSASSA_PSS_PARAMS_TRAILER:

diff --git a/src/libstrongswan/tests/suites/test_signature_params.c b/src/libstrongswan/tests/suites/test_signature_params.c
index cbf1a28613356f673bdbb6b1eeda5eeba4d0835f..3b946a4e18359e1002a39d369684f2c9c6755a2b 100644 (file)
--- a/src/libstrongswan/tests/suites/test_signature_params.c
+++ b/src/libstrongswan/tests/suites/test_signature_params.c
@@ -111,6 +111,12 @@ chunk_t rsa_pss_parse_invalid_tests[] = {
        /* too long trailer */
        chunk_from_chars(0x30,0x13,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x06,
                                         0xa3,0x04,0x02,0x02,0x01,0x01),
+       /* invalid salt causing a negative value */
+       chunk_from_chars(0x30,0x4d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x40,0xa0,
+                                        0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
+                                        0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
+                                        0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x0a,
+                                        0x02,0x08,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xa3,0x03,0x02,0x01,0x01),
 };
 
 START_TEST(test_rsa_pss_params_parse_invalid)