mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 01:44:21 +01:00
RSA PSS: fix minimum length check for keys of size 8N+1
The check introduced by the previous security fix was off by one. It fixed the buffer overflow but was not compliant with the definition of PSS which technically led to accepting some invalid signatures (but not signatures made without the private key).
This commit is contained in:
parent
d0cd855145
commit
9e2058281d
@ -1370,9 +1370,6 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
hlen = mbedtls_md_get_size( md_info );
|
||||
if( siglen < hlen + 2 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
hash_start = buf + siglen - hlen - 1;
|
||||
|
||||
memset( zeros, 0, 8 );
|
||||
|
||||
@ -1391,6 +1388,10 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
if( siglen < hlen + 2 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
hash_start = p + siglen - hlen - 1;
|
||||
|
||||
mbedtls_md_init( &md_ctx );
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
|
||||
{
|
||||
|
@ -817,7 +817,7 @@ pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369
|
||||
|
||||
RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature
|
||||
depends_on:MBEDTLS_SHA512_C
|
||||
pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||
pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSASSA-PSS verify ext, all-zero padding, automatic salt length
|
||||
depends_on:MBEDTLS_SHA256_C
|
||||
|
Loading…
Reference in New Issue
Block a user