rsa: Re-enable use of zero-length null output
After merging the latest RSA implementation from Mbed TLS, we have a regression in that we no longer properly handle zero-length null output in PKCS1 v1.5 decryption. Prevent undefined behavior by avoiding a memcpy() to zero-length null output buffers.
This commit is contained in:
parent
68933640f5
commit
4728469f53
@ -1624,9 +1624,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||
plaintext_max_size,
|
||||
plaintext_max_size - plaintext_size );
|
||||
|
||||
/* Finally copy the decrypted plaintext plus trailing zeros
|
||||
* into the output buffer. */
|
||||
memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
|
||||
/* Finally copy the decrypted plaintext plus trailing zeros into the output
|
||||
* buffer. If output_max_len is 0, then output may be an invalid pointer
|
||||
* and the result of memcpy() would be undefined; prevent undefined
|
||||
* behavior making sure to depend only on output_max_len (the size of the
|
||||
* user-provided output buffer), which is independent from plaintext
|
||||
* length, validity of padding, success of the decryption, and other
|
||||
* secrets. */
|
||||
if( output_max_len != 0 )
|
||||
memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
|
||||
|
||||
/* Report the amount of data we copied to the output buffer. In case
|
||||
* of errors (bad padding or output too large), the value of *olen
|
||||
|
Loading…
Reference in New Issue
Block a user