Check for excess data in CertificateVerify

As reported by Alicja Kario, we ignored excess bytes after the signature payload in TLS CertificateVerify Messages. These should not be present. Fixes: #25298 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25302)
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2024-08-28 12:36:09 +0200
committer: Tomas Mraz <tomas@openssl.org> 2024-08-29 19:32:00 +0200
commit: b4e4bf29ba3c67662c60ceed9afa2dd301e93273 (patch)
tree: b027c2a60f246c8fdc7c74f800d56fdada8bf07d
parent: s390x: support CPACF sha3/shake performance improvements (diff)
download: openssl-b4e4bf29ba3c67662c60ceed9afa2dd301e93273.tar.xz
openssl-b4e4bf29ba3c67662c60ceed9afa2dd301e93273.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 8932ac44ca..d52e2a7384 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -516,6 +516,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
         goto err;
     }
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
 
     if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {
         /* SSLfatal() already called */
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2024-08-28 12:36:09 +0200
committer	Tomas Mraz <tomas@openssl.org>	2024-08-29 19:32:00 +0200
commit	b4e4bf29ba3c67662c60ceed9afa2dd301e93273 (patch)
tree	b027c2a60f246c8fdc7c74f800d56fdada8bf07d
parent	s390x: support CPACF sha3/shake performance improvements (diff)
download	openssl-b4e4bf29ba3c67662c60ceed9afa2dd301e93273.tar.xz openssl-b4e4bf29ba3c67662c60ceed9afa2dd301e93273.zip