From 1fe7d9baf9daebce874fcc18d31b823bc186317a Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 15 Nov 2011 15:26:03 +0000 Subject: [PATCH] - Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41) --- ChangeLog | 2 ++ library/rsa.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b37624538..077eac4f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,8 @@ Bugfix before version numbers * Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38) + * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length + smaller than the hash length. (Closes ticket #41) = Version 1.0.0 released on 2011-07-27 Features diff --git a/library/rsa.c b/library/rsa.c index 488d17c19..de8e76596 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -818,6 +818,7 @@ int rsa_pkcs1_verify( rsa_context *ctx, unsigned char *p, c; unsigned char buf[1024]; #if defined(POLARSSL_PKCS1_V21) + unsigned char result[POLARSSL_MD_MAX_SIZE]; unsigned char zeros[8]; unsigned int hlen; size_t slen, msb; @@ -994,9 +995,9 @@ int rsa_pkcs1_verify( rsa_context *ctx, md_update( &md_ctx, zeros, 8 ); md_update( &md_ctx, hash, hashlen ); md_update( &md_ctx, p, slen ); - md_finish( &md_ctx, p ); + md_finish( &md_ctx, result ); - if( memcmp( p, p + slen, hlen ) == 0 ) + if( memcmp( p + slen, result, hlen ) == 0 ) return( 0 ); else return( POLARSSL_ERR_RSA_VERIFY_FAILED );