From 91048a3aac537721a84d964eeaa0de43ba14f791 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Oct 2017 17:46:14 +0200 Subject: [PATCH] RSA PSS: remove redundant check; changelog Remove a check introduced in the previous buffer overflow fix with keys of size 8N+1 which the subsequent fix for buffer start calculations made redundant. Added a changelog entry for the buffer start calculation fix. --- ChangeLog | 2 ++ library/rsa.c | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6f7637dc1..4a2e710b2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,8 @@ Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were + accepted. Generating these signatures required the private key. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/rsa.c b/library/rsa.c index b54960fb7..148f6b345 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1399,8 +1399,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, while( p < hash_start - 1 && *p == 0 ) p++; - if( p == hash_start || - *p++ != 0x01 ) + if( *p++ != 0x01 ) { mbedtls_md_free( &md_ctx ); return( MBEDTLS_ERR_RSA_INVALID_PADDING );