Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 5d62c474ce1595625d5ae0cc2f9c432f6816ed80^1..5d62c474ce1595625d5ae0cc2f9c432f6816ed80 / .
commit5d62c474ce1595625d5ae0cc2f9c432f6816ed80[log] [tgz]
authorSandrine Bailleux <sandrine.bailleux@arm.com>Tue Jan 03 17:55:02 2023 +0100
committerTrustedFirmware Code Review <review@review.trustedfirmware.org>Tue Jan 03 17:55:02 2023 +0100
treec98dcf692302b8f93b622f329afd1db7fc30b723
parent916eebe1979b8919dfd3e12c0144d850f16c3abf [diff]
parent0587d9c8b23ecd548dfaf14b67d4ac6d9369fd3b [diff]
Merge changes I794d2927,Ie33205fb,Ifdbe3b4c into integration

* changes:
  refactor(auth): do not include SEQUENCE tag in saved extensions
  fix(auth): reject junk after certificates
  fix(auth): require bit strings to have no unused bits

diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index 244f1c9..4b880d9 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c

@@ -85,9 +85,6 @@
 	p = v3_ext.p;
 	end = v3_ext.p + v3_ext.len;
 
-	mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
-			     MBEDTLS_ASN1_SEQUENCE);
-
 	while (p < end) {
 		zeromem(&extn_oid, sizeof(extn_oid));
 		is_critical = 0; /* DEFAULT FALSE */
@@ -178,7 +175,7 @@
 		return IMG_PARSER_ERR_FORMAT;
 	}
 
-	if (len > (size_t)(end - p)) {
+	if (len != (size_t)(end - p)) {
 		return IMG_PARSER_ERR_FORMAT;
 	}
 	crt_end = p + len;
@@ -274,6 +271,7 @@
 	pk_end = p + len;
 	pk.len = pk_end - pk.p;
 
+	/* algorithm */
 	ret = mbedtls_asn1_get_tag(&p, pk_end, &len, MBEDTLS_ASN1_CONSTRUCTED |
 				   MBEDTLS_ASN1_SEQUENCE);
 	if (ret != 0) {
@@ -281,7 +279,8 @@
 	}
 	p += len;
 
-	ret = mbedtls_asn1_get_tag(&p, pk_end, &len, MBEDTLS_ASN1_BIT_STRING);
+	/* Key is a BIT STRING and must use all bytes in SubjectPublicKeyInfo */
+	ret = mbedtls_asn1_get_bitstring_null(&p, pk_end, &len);
 	if ((ret != 0) || (p + len != pk_end)) {
 		return IMG_PARSER_ERR_FORMAT;
 	}
@@ -341,13 +340,13 @@
 	 * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 	 * -- must use all remaining bytes in TBSCertificate
 	 */
-	v3_ext.p = p;
 	ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
 				   MBEDTLS_ASN1_SEQUENCE);
 	if ((ret != 0) || (len != (size_t)(end - p))) {
 		return IMG_PARSER_ERR_FORMAT;
 	}
-	v3_ext.len = end - v3_ext.p;
+	v3_ext.p = p;
+	v3_ext.len = len;
 
 	/*
 	 * Check extensions integrity.  At least one extension is
@@ -422,7 +421,7 @@
 	 * signatureValue       BIT STRING
 	 */
 	signature.p = p;
-	ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_BIT_STRING);
+	ret = mbedtls_asn1_get_bitstring_null(&p, end, &len);
 	if (ret != 0) {
 		return IMG_PARSER_ERR_FORMAT;
 	}