mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 23:25:29 +00:00
RSA PSS: fix minimum length check for keys of size 8N+1
The check introduced by the previous security fix was off by one. It fixed the buffer overflow but was not compliant with the definition of PSS which technically led to accepting some invalid signatures (but not signatures made without the private key).
This commit is contained in:
parent
511bb84c60
commit
7addb7f0a0
|
@ -1369,9 +1369,6 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
|
||||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
hlen = md_get_size( md_info );
|
hlen = md_get_size( md_info );
|
||||||
if( siglen < hlen + 2 )
|
|
||||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
|
||||||
hash_start = buf + siglen - hlen - 1;
|
|
||||||
|
|
||||||
memset( zeros, 0, 8 );
|
memset( zeros, 0, 8 );
|
||||||
|
|
||||||
|
@ -1390,6 +1387,10 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
|
||||||
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
|
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
|
||||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
if( siglen < hlen + 2 )
|
||||||
|
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
hash_start = p + siglen - hlen - 1;
|
||||||
|
|
||||||
md_init( &md_ctx );
|
md_init( &md_ctx );
|
||||||
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
|
if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -817,7 +817,7 @@ pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369
|
||||||
|
|
||||||
RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature
|
RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature
|
||||||
depends_on:POLARSSL_SHA512_C
|
depends_on:POLARSSL_SHA512_C
|
||||||
pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":POLARSSL_MD_SHA512:POLARSSL_MD_SHA512:POLARSSL_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":POLARSSL_ERR_RSA_INVALID_PADDING:POLARSSL_ERR_RSA_INVALID_PADDING
|
pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":POLARSSL_MD_SHA512:POLARSSL_MD_SHA512:POLARSSL_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":POLARSSL_ERR_RSA_BAD_INPUT_DATA:POLARSSL_ERR_RSA_BAD_INPUT_DATA
|
||||||
|
|
||||||
RSASSA-PSS verify ext, all-zero padding, automatic salt length
|
RSASSA-PSS verify ext, all-zero padding, automatic salt length
|
||||||
depends_on:POLARSSL_SHA256_C
|
depends_on:POLARSSL_SHA256_C
|
||||||
|
|
Loading…
Reference in a new issue