Submitted by: Martin Kaiser

Reject PSS signatures with unsupported trailer value.
author: Dr. Stephen Henson <steve@openssl.org> 2010-03-11 23:11:36 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-03-11 23:11:36 +0000
commit: a907165250428fb06cc7a12d75274a9bbf7fe126 (patch)
tree: d9c4d12486436714688d45664febcfbae2f431a4
parent: e62774c3b97b4bf837d0777d7851df67f776d775 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 4daeca18a9..6f790c2548 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -530,6 +530,15 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
 	else
 		saltlen = 20;
 
+	/* low-level routines support only trailer field 0xbc (value 1)
+	 * and PKCS#1 says we should reject any other value anyway.
+	 */
+	if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1)
+		{
+		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
+		goto err;
+		}
+
 	/* We have all parameters now set up context */
 
 	if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
author	Dr. Stephen Henson <steve@openssl.org>	2010-03-11 23:11:36 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-03-11 23:11:36 +0000
commit	a907165250428fb06cc7a12d75274a9bbf7fe126 (patch)
tree	d9c4d12486436714688d45664febcfbae2f431a4
parent	e62774c3b97b4bf837d0777d7851df67f776d775 (diff)