wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Protect against invalid write in RsaPad_PSS

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-09-17 13:45:25 +02:00
parent 2a9bb906a9
commit c405c3477f
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configure.ac
View File

@ -4251,6 +4251,7 @@ AC_ARG_ENABLE([libest],
if test "$ENABLED_LIBEST" = "yes" if test "$ENABLED_LIBEST" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES" AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
# Requires opensslextra and opensslall # Requires opensslextra and opensslall
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"

5
wolfcrypt/src/rsa.c
View File

@ -1252,6 +1252,11 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
m += inputLen; m += inputLen;
o = 0; o = 0;
if (saltLen > 0) { if (saltLen > 0) {
if (pkcsBlockLen < RSA_PSS_PAD_SZ + inputLen + saltLen) {
WOLFSSL_MSG("RSA-PSS Output buffer too short. "
"Recommend using WOLFSSL_PSS_SALT_LEN_DISCOVER");
return PSS_SALTLEN_E;
}
ret = wc_RNG_GenerateBlock(rng, salt, saltLen); ret = wc_RNG_GenerateBlock(rng, salt, saltLen);
if (ret == 0) { if (ret == 0) {
XMEMCPY(m, salt, saltLen); XMEMCPY(m, salt, saltLen);