add missing check of the OID
		
							parent
							
								
									6bba3a2a70
								
							
						
					
					
						commit
						b06270645e
					
				| @ -46,6 +46,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in | ||||
| 
 | ||||
|    LTC_ARGCHK(in    != NULL); | ||||
|    LTC_ARGCHK(inlen != 0); | ||||
|    LTC_ARGCHK(public_key_len != NULL); | ||||
| 
 | ||||
|    err = pk_get_oid(algorithm, &oid); | ||||
|    if (err != CRYPT_OK) { | ||||
| @ -63,8 +64,8 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in | ||||
|    LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); | ||||
|    LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, parameters_len); | ||||
| 
 | ||||
|    /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it
 | ||||
|       then proceed to convert bit to octet | ||||
|    /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey
 | ||||
|     * in a **BIT** string ... so we have to extract it then proceed to convert bit to octet | ||||
|     */ | ||||
|    LTC_SET_ASN1(subject_pubkey, 0, LTC_ASN1_SEQUENCE, alg_id, 2); | ||||
|    LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8); | ||||
| @ -74,6 +75,13 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in | ||||
|            goto LBL_ERR; | ||||
|    } | ||||
| 
 | ||||
|    if ((alg_id[0].size != oid.OIDlen) || | ||||
|        memcmp(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0]))) { | ||||
|         /* OID mismatch */ | ||||
|         err = CRYPT_PK_INVALID_TYPE; | ||||
|         goto LBL_ERR; | ||||
|    } | ||||
| 
 | ||||
|    len = subject_pubkey[1].size/8; | ||||
|    if (*public_key_len > len) { | ||||
|        memcpy(public_key, subject_pubkey[1].data, len); | ||||
|  | ||||
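Review bot: `public_key` is written by `memcpy` in the last hunk, but the `LTC_ARGCHK` run in the first hunk only covers `in`, `inlen` and `public_key_len`. Unless a NULL buffer is meant to be allowed as a size query, add `LTC_ARGCHK(public_key != NULL);` next to the others; the function begins outside the hunk, so confirm no earlier check exists. In the new OID comparison, testing `alg_id[0].size != oid.OIDlen` before `memcmp` is the right order, since it keeps the compare within the decoded OID. The `/* OID mismatch */` comment could state the reason, e.g. `/* decoded AlgorithmIdentifier OID is not the one for 'algorithm': do not accept the key as this type */`. The byte count `oid.OIDlen * sizeof(oid.OID[0])` also assumes `tmpoid` has the same element type as `oid.OID`; both are declared outside the hunk, so that is worth verifying.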