Reject invalid PSS parameters.

Fix a bug where invalid PSS parameters are not rejected resulting in a NULL pointer exception. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Brian Carpenter for reporting this issues. CVE-2015-0208 Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-03-09 23:16:33 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-19 13:01:13 +0000
commit: 09f06923e636019c39c807cb59c481375e720556 (patch)
tree: 9fce22d849ad939875ff3a95f5e48fe0abab263f /crypto/rsa/rsa_ameth.c
parent: 8106d61c354430d6bbbd7f8e7840a39efc0f5829 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 5e8701ac0a..6f4c104858 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -703,9 +703,10 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
         return -1;
     }
-    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
+    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
         /* Carry on */
         return 2;
+    }
     return -1;
 }
author	Dr. Stephen Henson <steve@openssl.org>	2015-03-09 23:16:33 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-19 13:01:13 +0000
commit	09f06923e636019c39c807cb59c481375e720556 (patch)
tree	9fce22d849ad939875ff3a95f5e48fe0abab263f /crypto/rsa/rsa_ameth.c
parent	8106d61c354430d6bbbd7f8e7840a39efc0f5829 (diff)