diff options
author | Daniel Fiala <daniel@openssl.org> | 2022-06-19 23:40:46 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-06-27 10:58:40 +0200 |
commit | 48320997b49b07b5abadec89c7fbe5d5f3d41da4 (patch) | |
tree | a0fe30741f349090db7f60cbf452827f55fa138c /providers | |
parent | 6162a2402d6b47c597c271bfb6a67d64bf183383 (diff) |
Add checks for saltlen and trailerfield to rsa key writer.
Fixes openssl#18168.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18615)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/common/der/der_rsa_key.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/providers/common/der/der_rsa_key.c b/providers/common/der/der_rsa_key.c index 81ab0346cf..e1c078b906 100644 --- a/providers/common/der/der_rsa_key.c +++ b/providers/common/der/der_rsa_key.c @@ -305,6 +305,15 @@ int ossl_DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, saltlen = ossl_rsa_pss_params_30_saltlen(pss); trailerfield = ossl_rsa_pss_params_30_trailerfield(pss); + if (saltlen < 0) { + ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH); + return 0; + } + if (trailerfield != 1) { + ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_TRAILER); + return 0; + } + /* Getting default values */ default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL); default_saltlen = ossl_rsa_pss_params_30_saltlen(NULL); |