yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 17:15:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

RSA PSS: remove redundant check; changelog

Browse Source 
Remove a check introduced in the previous buffer overflow fix with keys of
size 8N+1 which the subsequent fix for buffer start calculations made
redundant.

Added a changelog entry for the buffer start calculation fix.
This commit is contained in:
Gilles Peskine 2017-10-19 17:46:14 +02:00
parent 31a2d14b92
commit 9745cfd87d
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -10,6 +10,8 @@ Security
data is all zeros. data is all zeros.
Bugfix Bugfix
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
accepted. Generating these signatures required the private key.
* Fix ssl_parse_record_header() to silently discard invalid DTLS records * Fix ssl_parse_record_header() to silently discard invalid DTLS records
as recommended in RFC 6347 Section 4.1.2.7. as recommended in RFC 6347 Section 4.1.2.7.

3
library/rsa.c
View File

@ -1405,8 +1405,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
while( p < hash_start - 1 && *p == 0 ) while( p < hash_start - 1 && *p == 0 )
p++; p++;
if( p == hash_start || if( *p++ != 0x01 )
*p++ != 0x01 )
{ {
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );
return( MBEDTLS_ERR_RSA_INVALID_PADDING ); return( MBEDTLS_ERR_RSA_INVALID_PADDING );