RSA PSS: remove redundant check; changelog

Remove a check introduced in the previous buffer overflow fix with keys of
size 8N+1 which the subsequent fix for buffer start calculations made
redundant.

Added a changelog entry for the buffer start calculation fix.
This commit is contained in:
Gilles Peskine 2017-10-19 17:46:14 +02:00
parent 5d9224e11c
commit 28474f41a0
2 changed files with 5 additions and 2 deletions

View file

@ -9,6 +9,10 @@ Security
* Fix buffer overflow in RSA-PSS verification when the unmasked * Fix buffer overflow in RSA-PSS verification when the unmasked
data is all zeros. data is all zeros.
Bugfix
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
accepted. Generating these signatures required the private key.
= mbed TLS 1.3.21 branch released 2017-08-10 = mbed TLS 1.3.21 branch released 2017-08-10
Security Security

View file

@ -1405,8 +1405,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
while( p < hash_start - 1 && *p == 0 ) while( p < hash_start - 1 && *p == 0 )
p++; p++;
if( p == hash_start || if( *p++ != 0x01 )
*p++ != 0x01 )
{ {
md_free( &md_ctx ); md_free( &md_ctx );
return( POLARSSL_ERR_RSA_INVALID_PADDING ); return( POLARSSL_ERR_RSA_INVALID_PADDING );