summaryrefslogtreecommitdiffstats
path: root/providers
diff options
context:
space:
mode:
authorDaniel Fiala <daniel@openssl.org>2022-06-19 23:40:46 +0200
committerTomas Mraz <tomas@openssl.org>2022-06-27 10:58:40 +0200
commit48320997b49b07b5abadec89c7fbe5d5f3d41da4 (patch)
treea0fe30741f349090db7f60cbf452827f55fa138c /providers
parent6162a2402d6b47c597c271bfb6a67d64bf183383 (diff)
Add checks for saltlen and trailerfield to rsa key writer.
Fixes openssl#18168. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18615)
Diffstat (limited to 'providers')
-rw-r--r--providers/common/der/der_rsa_key.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/providers/common/der/der_rsa_key.c b/providers/common/der/der_rsa_key.c
index 81ab0346cf..e1c078b906 100644
--- a/providers/common/der/der_rsa_key.c
+++ b/providers/common/der/der_rsa_key.c
@@ -305,6 +305,15 @@ int ossl_DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag,
saltlen = ossl_rsa_pss_params_30_saltlen(pss);
trailerfield = ossl_rsa_pss_params_30_trailerfield(pss);
+ if (saltlen < 0) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH);
+ return 0;
+ }
+ if (trailerfield != 1) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_TRAILER);
+ return 0;
+ }
+
/* Getting default values */
default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
default_saltlen = ossl_rsa_pss_params_30_saltlen(NULL);