From 28474f41a0b7eb34e4c0550c588d0aca7126fdfb Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 19 Oct 2017 17:46:14 +0200
Subject: [PATCH] RSA PSS: remove redundant check; changelog

Remove a check introduced in the previous buffer overflow fix with keys of size 8N+1 which the subsequent fix for buffer start calculations made redundant. Added a changelog entry for the buffer start calculation fix.
---
 ChangeLog | 4 ++++
 library/rsa.c | 3 +--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9b3dc5c18..3de318419 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@ Security
 * Fix buffer overflow in RSA-PSS verification when the unmasked data is all
 zeros.

+Bugfix
+ * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
+ accepted. Generating these signatures required the private key.
+
 = mbed TLS 1.3.21 branch released 2017-08-10

 Security
diff --git a/library/rsa.c b/library/rsa.c
index 923294f0b..bbb028675 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1405,8 +1405,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
 while( p < hash_start - 1 && *p == 0 )
 p++;

- if( p == hash_start ||
- *p++ != 0x01 )
+ if( *p++ != 0x01 )
 {
 md_free( &md_ctx );
 return( POLARSSL_ERR_RSA_INVALID_PADDING );
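Review bot: With the `p == hash_start` test removed, the dereference in `if( *p++ != 0x01 )` is kept in bounds only by the loop condition `p < hash_start - 1` on the line above it. That holds only if `p` starts at or before `hash_start - 1`, which is set up outside this hunk; the body of rsa_rsassa_pss_verify_ext begins before and continues past the lines shown. Because this code parses an encoded message recovered from an untrusted signature, I would record the invariant next to the check, for example `/* The loop stops at hash_start - 1 at the latest, so *p is still before the hash. */`. A regression test using a key of size 8N+1 would also help ensure a later change to the buffer-start calculation does not bring back the overflow the earlier fix addressed.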