mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 01:04:20 +01:00
RSA PSS: remove redundant check; changelog
Remove a check introduced in the previous buffer overflow fix with keys of size 8N+1 which the subsequent fix for buffer start calculations made redundant. Added a changelog entry for the buffer start calculation fix.
This commit is contained in:
parent
31a2d14b92
commit
9745cfd87d
@ -10,6 +10,8 @@ Security
|
||||
data is all zeros.
|
||||
|
||||
Bugfix
|
||||
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
|
||||
accepted. Generating these signatures required the private key.
|
||||
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||
as recommended in RFC 6347 Section 4.1.2.7.
|
||||
|
||||
|
@ -1405,8 +1405,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||
while( p < hash_start - 1 && *p == 0 )
|
||||
p++;
|
||||
|
||||
if( p == hash_start ||
|
||||
*p++ != 0x01 )
|
||||
if( *p++ != 0x01 )
|
||||
{
|
||||
mbedtls_md_free( &md_ctx );
|
||||
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
|
||||
|
Loading…
Reference in New Issue
Block a user