Add checks for saltlen and trailerfield to rsa key writer.

Fixes openssl#18168. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18615) (cherry picked from commit 48320997b49b07b5abadec89c7fbe5d5f3d41da4)
author: Daniel Fiala <daniel@openssl.org> 2022-06-19 23:40:46 +0200
committer: Tomas Mraz <tomas@openssl.org> 2022-06-27 10:59:51 +0200
commit: de2541c2806280845a6babfab4339ccb5bfca10f (patch)
tree: 48d0d14bcbce0c01f76c2677c965ab5eba83aaed /providers/common
parent: cc7c127d697aba4f9630f5516d6f0e680f20332a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/providers/common/der/der_rsa_key.c b/providers/common/der/der_rsa_key.c
index 81ab0346cf..e1c078b906 100644
--- a/providers/common/der/der_rsa_key.c
+++ b/providers/common/der/der_rsa_key.c
@@ -305,6 +305,15 @@ int ossl_DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag,
     saltlen = ossl_rsa_pss_params_30_saltlen(pss);
     trailerfield = ossl_rsa_pss_params_30_trailerfield(pss);
 
+    if (saltlen < 0) {
+        ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH);
+        return 0;
+    }
+    if (trailerfield != 1) {
+        ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_TRAILER);
+        return 0;
+    }
+
     /* Getting default values */
     default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
     default_saltlen = ossl_rsa_pss_params_30_saltlen(NULL);
author	Daniel Fiala <daniel@openssl.org>	2022-06-19 23:40:46 +0200
committer	Tomas Mraz <tomas@openssl.org>	2022-06-27 10:59:51 +0200
commit	de2541c2806280845a6babfab4339ccb5bfca10f (patch)
tree	48d0d14bcbce0c01f76c2677c965ab5eba83aaed /providers/common
parent	cc7c127d697aba4f9630f5516d6f0e680f20332a (diff)