RSA PSS: remove redundant check; changelog
Remove a check, introduced in the previous buffer overflow fix for keys of size 8N+1, that the subsequent fix for buffer start calculations made redundant. Add a changelog entry for the buffer start calculation fix.
parent
b00b0da452
commit
91048a3aac
|
@ -18,6 +18,8 @@ Bugfix
|
||||||
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
|
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
|
||||||
Found by projectgus and jethrogb, #836.
|
Found by projectgus and jethrogb, #836.
|
||||||
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
|
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
|
||||||
|
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
|
||||||
|
accepted. Generating these signatures required the private key.
|
||||||
|
|
||||||
= mbed TLS 2.6.0 branch released 2017-08-10
|
= mbed TLS 2.6.0 branch released 2017-08-10
|
||||||
|
|
||||||
|
|
|
@ -1399,8 +1399,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||||
while( p < hash_start - 1 && *p == 0 )
|
while( p < hash_start - 1 && *p == 0 )
|
||||||
p++;
|
p++;
|
||||||
|
|
||||||
if( p == hash_start ||
|
if( *p++ != 0x01 )
|
||||||
*p++ != 0x01 )
|
|
||||||
{
|
{
|
||||||
mbedtls_md_free( &md_ctx );
|
mbedtls_md_free( &md_ctx );
|
||||||
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
|
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
|
||||||
|
|
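Review bot: With `p == hash_start ||` dropped, the `*p++ != 0x01` read is safe only if `p` is already at or before `hash_start - 1` when the `while` loop starts, because the loop condition only stops `p` from advancing past that point. That precondition is established above the hunk (the body of mbedtls_rsa_rsassa_pss_verify_ext starts and ends outside it), presumably by the buffer start calculation the description refers to. I would state it at the read, e.g. `/* p <= hash_start - 1 here, so *p is still a padding byte, never the first hash byte */`, so that a later change to the length checks cannot silently let the 0x01 separator be matched inside the hash. No test change is visible on this page; a verify case with a key of size 8N+1 that expects `MBEDTLS_ERR_RSA_INVALID_PADDING` would pin the behaviour the changelog entry describes, if the suite does not already have one.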