From 3ffa4350e8645818b4ffb86b957f8e30b72b1a82 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Mon, 3 Aug 2020 12:17:03 +1000
Subject: [PATCH] RSA PSS check input length is hash length

Input is the hash of the message and the hash type is the hash used to
generate the hash/input.
---
 wolfcrypt/src/rsa.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index b36678325..9be56c383 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -1121,6 +1121,9 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
     hLen = wc_HashGetDigestSize(hType);
     if (hLen < 0)
         return hLen;
+    if ((int)inputLen != hLen) {
+        return BAD_FUNC_ARG;
+    }
 
     hiBits = (bits - 1) & 0x7;
     if (hiBits == 0) {