RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 05:47:35 +00:00
Code Issues Activity Actions

LibTLS: Use the TBS ASN.1 data when verifying certificates

Browse source
This commit is contained in:
stelar7 2023-04-12 15:05:37 +02:00 committed by Ali Mohammad Pur
parent 0b70314379
commit 2d2d2539b4
1 changed files with 1 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibTLS/TLSv12.cpp
View file

@ -377,9 +377,7 @@ bool Context::verify_certificate_pair(Certificate const& subject, Certificate co
auto verification_buffer_bytes = verification_buffer.bytes(); auto verification_buffer_bytes = verification_buffer.bytes();
rsa.verify(subject.signature_value, verification_buffer_bytes); rsa.verify(subject.signature_value, verification_buffer_bytes);
// FIXME: This slice is subject hack, this will work for most certificates, but you actually have to parse ReadonlyBytes message = subject.tbs_asn1.bytes();
// the ASN.1 data to correctly extract the signed part of the certificate.
ReadonlyBytes message = subject.original_asn1.bytes().slice(4, subject.original_asn1.size() - 4 - (5 + subject.signature_value.size()) - 15);
auto pkcs1 = Crypto::PK::EMSA_PKCS1_V1_5<Crypto::Hash::Manager>(kind); auto pkcs1 = Crypto::PK::EMSA_PKCS1_V1_5<Crypto::Hash::Manager>(kind);
auto verification = pkcs1.verify(message, verification_buffer_bytes, subject.signature_value.size() * 8); auto verification = pkcs1.verify(message, verification_buffer_bytes, subject.signature_value.size() * 8);
return verification == Crypto::VerificationConsistency::Consistent; return verification == Crypto::VerificationConsistency::Consistent;