From 9745cfd87d53c8c1752ff688c55ca7ab00efe4ce Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Oct 2017 17:46:14 +0200 Subject: [PATCH] RSA PSS: remove redundant check; changelog Remove a check introduced in the previous buffer overflow fix with keys of size 8N+1 which the subsequent fix for buffer start calculations made redundant. Added a changelog entry for the buffer start calculation fix. --- ChangeLog | 2 ++ library/rsa.c | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 51c002cad..487a59a06 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,8 @@ Security data is all zeros. Bugfix + * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were + accepted. Generating these signatures required the private key. * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. diff --git a/library/rsa.c b/library/rsa.c index d923bc924..d2bddf662 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1405,8 +1405,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, while( p < hash_start - 1 && *p == 0 ) p++; - if( p == hash_start || - *p++ != 0x01 ) + if( *p++ != 0x01 ) { mbedtls_md_free( &md_ctx ); return( MBEDTLS_ERR_RSA_INVALID_PADDING );