- Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41)

2011-11-15 15:26:03 +00:00 · 2011-11-15 15:26:03 +00:00 · 1fe7d9baf9
commit 1fe7d9baf9
parent cebdf17159
2 changed files with 5 additions and 2 deletions
--- a/2
+++ b/2
@ -28,6 +28,8 @@ Bugfix
     before version numbers
   * Allowed X509 key usage parsing to accept 4 byte values instead of the
     standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
+   * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
+     smaller than the hash length. (Closes ticket #41)

 = Version 1.0.0 released on 2011-07-27
 Features
--- a/library/rsa.c
+++ b/library/rsa.c
@ -818,6 +818,7 @@ int rsa_pkcs1_verify( rsa_context *ctx,
    unsigned char *p, c;
    unsigned char buf[1024];
 #if defined(POLARSSL_PKCS1_V21)
+    unsigned char result[POLARSSL_MD_MAX_SIZE];
    unsigned char zeros[8];
    unsigned int hlen;
    size_t slen, msb;
@ -994,9 +995,9 @@ int rsa_pkcs1_verify( rsa_context *ctx,
            md_update( &md_ctx, zeros, 8 );
            md_update( &md_ctx, hash, hashlen );
            md_update( &md_ctx, p, slen );
-            md_finish( &md_ctx, p );
+            md_finish( &md_ctx, result );

-            if( memcmp( p, p + slen, hlen ) == 0 )
+            if( memcmp( p + slen, result, hlen ) == 0 )
                return( 0 );
            else
                return( POLARSSL_ERR_RSA_VERIFY_FAILED );