Merge pull request #350 from JacobBarthelmeh/master

check for invalid RSA OAEP with SHA512 test case
toddouska
2016-03-16 16:25:13 -07:00
2 changed files with 39 additions and 16 deletions


@@ -421,8 +421,25 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
return ret;
}
/* handles check of location for idx as well as psLen */
/* handles check of location for idx as well as psLen, cast to int to check
for pkcsBlockLen(k) - 2 * hLen - 2 being negative
This check is similar to decryption where k > 2 * hLen + 2 as msg
size aproaches 0. In decryption if k is less than or equal -- then there
is no possible room for msg.
k = RSA key size
hLen = hash digest size -- will always be >= 0 at this point
*/
if ((word32)(2 * hLen + 2) > pkcsBlockLen) {
WOLFSSL_MSG("OAEP pad error hash to big for RSA key size");
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BAD_FUNC_ARG;
}
if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) {
WOLFSSL_MSG("OAEP pad error message too long");
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
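Review bot: The comment above the new `2 * hLen + 2` guard says the value is "cast to int", but the guard casts to `word32`, so the comment describes a different comparison from the one the code performs. I would reword it to state the invariant instead, e.g. `/* k must be >= 2 * hLen + 2; checked first so that pkcsBlockLen - 2 * hLen - 2 in the inputLen test below cannot wrap */` (the wrap is inferred from the unsigned cast, since the declaration of pkcsBlockLen is not visible here). The `(word32)` cast is only sound because hLen is non-negative, which is established earlier in wc_RsaPad_OAEP, outside this hunk. The text also has small typos: "aproaches" in the comment and "to big" in the log message.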


@@ -4195,6 +4195,11 @@ int rsa_test(void)
#endif /* NO_SHA256 */
#ifdef WOLFSSL_SHA512
/* Check valid RSA key size is used while using hash length of SHA512
If key size is less than (hash length * 2) + 2 then is invalid use
and test, since OAEP padding requires this.
BAD_FUNC_ARG is returned when this case is not met */
if (wc_RsaEncryptSize(&key) > ((int)SHA512_DIGEST_SIZE * 2) + 2) {
XMEMSET(plain, 0, sizeof(plain));
ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
@@ -4212,7 +4217,8 @@ int rsa_test(void)
free(tmp);
return -345;
}
#endif /* NO_SHA */
}
#endif /* WOLFSSL_SHA512 */
/* check using pkcsv15 padding with _ex API */
XMEMSET(plain, 0, sizeof(plain));
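Review bot: In the visible lines the SHA512 OAEP case is only skipped when the key is too small; nothing asserts the rejection that the new comment describes ("BAD_FUNC_ARG is returned when this case is not met"). Without a negative case, a regression in the length guard in wc_RsaPad_OAEP would go unnoticed by rsa_test. I would add an `else` branch that calls `wc_RsaPublicEncrypt_ex` with the same `WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512` arguments and fails the test, with the same `free(tmp)` cleanup, unless `ret == BAD_FUNC_ARG`. Part of the guarded block lies between the two hunks and is not shown, so confirm there is no such check already.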