diff options
| author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2017-03-08 18:53:36 +0100 |
|---|---|---|
| committer | Andy Polyakov <appro@openssl.org> | 2017-03-13 22:09:25 +0100 |
| commit | e653b6cd74f70c04b0b96b07df00680b427603af (patch) | |
| tree | d1f8dbeeedf08f1a3164632307dfbc3ffb1d41a4 /crypto/rsa/rsa_pss.c | |
| parent | 641de7f7874439eb423eb7ace8fec58160cd6e37 (diff) | |
Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1
and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2881)
Diffstat (limited to 'crypto/rsa/rsa_pss.c')
| -rw-r--r-- | crypto/rsa/rsa_pss.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 0ec63b2ec7..2aebbe9606 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -76,7 +76,11 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, EM++; emLen--; } - if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ + if (emLen < hLen + 2) { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); + goto err; + } + if (sLen > emLen - hLen - 2) { /* sLen can be small negative */ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); goto err; } @@ -175,9 +179,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, *EM++ = 0; emLen--; } + if (emLen < hLen + 2) { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } if (sLen == -2) { sLen = emLen - hLen - 2; - } else if (emLen < (hLen + sLen + 2)) { + } else if (sLen > emLen - hLen - 2) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; |