From 3bed13df1ce2466edc0b441427c122265deed509 Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Tue, 9 Feb 2016 14:51:35 +0000
Subject: [PATCH] Included test for integer underflow.

---
 library/rsa.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index fd33b53f0..154fa58c9 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -717,8 +717,12 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
      */
     hlen = md_get_size( md_info );
 
-    md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    // checking for integer underflow
+    if( 2 * hlen + 2 > ilen )
+        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+    mbedtls_md_init( &md_ctx );
+    mbedtls_md_setup( &md_ctx, md_info, 0 );
 
     /* Generate lHash */
     md( md_info, label, label_len, lhash );