From c405c3477fafa28aed13616f311be257eab5881d Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Thu, 17 Sep 2020 13:45:25 +0200
Subject: [PATCH] Protect against invalid write in RsaPad_PSS

---
 configure.ac        | 1 +
 wolfcrypt/src/rsa.c | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/configure.ac b/configure.ac
index 842fe1563..20704a3a2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4251,6 +4251,7 @@ AC_ARG_ENABLE([libest],
 if test "$ENABLED_LIBEST" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
 
     # Requires opensslextra and opensslall
     if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 58e24fb6c..726c41f7b 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -1252,6 +1252,11 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
     m += inputLen;
     o = 0;
     if (saltLen > 0) {
+        if (pkcsBlockLen < RSA_PSS_PAD_SZ + inputLen + saltLen) {
+            WOLFSSL_MSG("RSA-PSS Output buffer too short. "
+                        "Recommend using WOLFSSL_PSS_SALT_LEN_DISCOVER");
+            return PSS_SALTLEN_E;
+        }
         ret = wc_RNG_GenerateBlock(rng, salt, saltLen);
         if (ret == 0) {
             XMEMCPY(m, salt, saltLen);