Fix bounds check in RSA_verify_PKCS1_PSS_mgf1 when sLen is -2.
(Imported from upstream's 04cf39207f94abf89b3964c7710f22f829a1a78f.) The other half of the change was fixed earlier, but this logic was still off. This code is kind of a mess and needs a rewrite, but import the change to get it correct and sufficiently tested first. (If we could take the sLen = -2 case away altogether, that would be great...) Change-Id: I5786e980f26648822633fc216315e8f77ed4d45b Reviewed-on: https://boringssl-review.googlesource.com/14321 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin
CQ bot account: commit-bot@chromium.org
parent
5916207dd3
commit
fd67f61bb4
@ -277,14 +277,13 @@ Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
|
||||
Output = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
||||
Error = DATA_TOO_LARGE
|
||||
|
||||
# TODO(davidben): Add this as a regression test once upstream's fix is imported.
|
||||
# Verify = RSA-512
|
||||
# RSAPadding = PSS
|
||||
# PSSSaltLength = -2
|
||||
# Digest = SHA512
|
||||
# Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
|
||||
# Output = 457001d9ca50a93385fc5ec721c9dbbe7a0f2e9e4a2f846a30a8811dde66347b83901c7492039243537c7a667fafffd69049bcbd36afd0010d9b425e2d8785c1
|
||||
# Error = DATA_TOO_LARGE
|
||||
Verify = RSA-512
|
||||
RSAPadding = PSS
|
||||
PSSSaltLength = -2
|
||||
Digest = SHA512
|
||||
Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
|
||||
Output = 457001d9ca50a93385fc5ec721c9dbbe7a0f2e9e4a2f846a30a8811dde66347b83901c7492039243537c7a667fafffd69049bcbd36afd0010d9b425e2d8785c1
|
||||
Error = DATA_TOO_LARGE
|
||||
|
||||
|
||||
# RSA decrypt
|
||||
|
||||
@ -530,7 +530,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,
|
||||
EM++;
|
||||
emLen--;
|
||||
}
|
||||
if (emLen < ((int)hLen + sLen + 2)) {
|
||||
if (emLen < (int)hLen + 2 || emLen < ((int)hLen + sLen + 2)) {
|
||||
/* sLen can be small negative */
|
||||
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
|
||||
goto err;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user