diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2024-08-28 12:36:09 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-08-29 19:32:00 +0200 |
commit | b4e4bf29ba3c67662c60ceed9afa2dd301e93273 (patch) | |
tree | b027c2a60f246c8fdc7c74f800d56fdada8bf07d /ssl | |
parent | s390x: support CPACF sha3/shake performance improvements (diff) | |
download | openssl-b4e4bf29ba3c67662c60ceed9afa2dd301e93273.tar.xz openssl-b4e4bf29ba3c67662c60ceed9afa2dd301e93273.zip |
Check for excess data in CertificateVerify
As reported by Alicja Kario, we ignored excess bytes after the
signature payload in TLS CertificateVerify Messages. These
should not be present.
Fixes: #25298
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25302)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_lib.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 8932ac44ca..d52e2a7384 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -516,6 +516,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); + goto err; + } if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) { /* SSLfatal() already called */ |