mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 12:15:28 +00:00
rsa: Re-enable use of zero-length null output
After merging the latest RSA implementation from Mbed TLS, we have a regression in that we no longer properly handle zero-length null output in PKCS1 v1.5 decryption. Prevent undefined behavior by avoiding a memcpy() to zero-length null output buffers.
This commit is contained in:
parent
68933640f5
commit
4728469f53
|
@ -1624,8 +1624,14 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
plaintext_max_size,
|
||||
plaintext_max_size - plaintext_size );
|
||||
|
||||
/* Finally copy the decrypted plaintext plus trailing zeros
|
||||
* into the output buffer. */
|
||||
/* Finally copy the decrypted plaintext plus trailing zeros into the output
|
||||
* buffer. If output_max_len is 0, then output may be an invalid pointer
|
||||
* and the result of memcpy() would be undefined; prevent undefined
|
||||
* behavior making sure to depend only on output_max_len (the size of the
|
||||
* user-provided output buffer), which is independent from plaintext
|
||||
* length, validity of padding, success of the decryption, and other
|
||||
* secrets. */
|
||||
if( output_max_len != 0 )
|
||||
memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
|
||||
|
||||
/* Report the amount of data we copied to the output buffer. In case
|
||||
|
|
Loading…
Reference in a new issue