rsa: reject buffers with data outside main SEQUENCE when parsing keys

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-08-07 06:42:56 +03:00 · 2024-02-08 17:40:27 +01:00
parent 7a28738205
commit 9de84bd677
3 changed files with 13 additions and 7 deletions
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -108,7 +108,10 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si
        return ret;
    }

-    /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
+    if (end != p + len) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
    end = p + len;

    if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
@@ -241,7 +244,10 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key,
        return ret;
    }

-    /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
+    if (end != p + len) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
    end = p + len;

    /* Import N */