- Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41)

This commit is contained in:
Paul Bakker 2011-11-15 15:26:03 +00:00
parent cebdf17159
commit 1fe7d9baf9
2 changed files with 5 additions and 2 deletions

View File

@ -28,6 +28,8 @@ Bugfix
before version numbers before version numbers
* Allowed X509 key usage parsing to accept 4 byte values instead of the * Allowed X509 key usage parsing to accept 4 byte values instead of the
standard 1 byte version sometimes used by Microsoft. (Closes ticket #38) standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
* Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
smaller than the hash length. (Closes ticket #41)
= Version 1.0.0 released on 2011-07-27 = Version 1.0.0 released on 2011-07-27
Features Features

View File

@ -818,6 +818,7 @@ int rsa_pkcs1_verify( rsa_context *ctx,
unsigned char *p, c; unsigned char *p, c;
unsigned char buf[1024]; unsigned char buf[1024];
#if defined(POLARSSL_PKCS1_V21) #if defined(POLARSSL_PKCS1_V21)
unsigned char result[POLARSSL_MD_MAX_SIZE];
unsigned char zeros[8]; unsigned char zeros[8];
unsigned int hlen; unsigned int hlen;
size_t slen, msb; size_t slen, msb;
@ -994,9 +995,9 @@ int rsa_pkcs1_verify( rsa_context *ctx,
md_update( &md_ctx, zeros, 8 ); md_update( &md_ctx, zeros, 8 );
md_update( &md_ctx, hash, hashlen ); md_update( &md_ctx, hash, hashlen );
md_update( &md_ctx, p, slen ); md_update( &md_ctx, p, slen );
md_finish( &md_ctx, p ); md_finish( &md_ctx, result );
if( memcmp( p, p + slen, hlen ) == 0 ) if( memcmp( p + slen, result, hlen ) == 0 )
return( 0 ); return( 0 );
else else
return( POLARSSL_ERR_RSA_VERIFY_FAILED ); return( POLARSSL_ERR_RSA_VERIFY_FAILED );