Reject invalid PSS parameters.

Fix a bug where invalid PSS parameters are not rejected resulting in a NULL pointer exception. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Brian Carpenter for reporting this issues. CVE-2015-0208 Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-03-09 23:16:33 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-19 12:58:35 +0000
commit: 4b22cce3812052fe64fc3f6d58d8cc884e3cb834 (patch)
tree: bd8bc185d36ee0ed6a31e5750faa5e9b3fdba571 /crypto/rsa
parent: b717b083073b6cacc0a5e2397b661678aff7ae7f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index c7106a3130..ca3922e6c2 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -698,9 +698,10 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
         return -1;
     }
-    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
+    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
         /* Carry on */
         return 2;
+    }
     return -1;
 }
author	Dr. Stephen Henson <steve@openssl.org>	2015-03-09 23:16:33 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-19 12:58:35 +0000
commit	4b22cce3812052fe64fc3f6d58d8cc884e3cb834 (patch)
tree	bd8bc185d36ee0ed6a31e5750faa5e9b3fdba571 /crypto/rsa
parent	b717b083073b6cacc0a5e2397b661678aff7ae7f (diff)