Check input length to pkey_rsa_verify()

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2065)
author: Dr. Stephen Henson <steve@openssl.org> 2016-12-08 12:16:02 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2016-12-09 23:05:44 +0000
commit: 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0 (patch)
tree: 437700dba7de18beb3f599e03f4059dfc1acc010 /crypto/rsa/rsa_pmeth.c
parent: 6c0e1e20d2756eaefe735e5edb56b83ccd9db9e6 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index e503ada873..db4fb0fbf7 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -229,6 +229,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
         if (rctx->pad_mode == RSA_PKCS1_PADDING)
             return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                               sig, siglen, rsa);
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+            RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+            return -1;
+        }
         if (rctx->pad_mode == RSA_X931_PADDING) {
             if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
                 return 0;
author	Dr. Stephen Henson <steve@openssl.org>	2016-12-08 12:16:02 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2016-12-09 23:05:44 +0000
commit	71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0 (patch)
tree	437700dba7de18beb3f599e03f4059dfc1acc010 /crypto/rsa/rsa_pmeth.c
parent	6c0e1e20d2756eaefe735e5edb56b83ccd9db9e6 (diff)