mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-16 06:53:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Submitted by: Martin Kaiser

Browse Source 
Reject PSS signatures with unsupported trailer value.
This commit is contained in:
Dr. Stephen Henson 2010-03-11 23:11:36 +00:00
parent e62774c3b9
commit a907165250
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/rsa/rsa_ameth.c
View File

@ -530,6 +530,15 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
else
saltlen = 20;
/* low-level routines support only trailer field 0xbc (value 1)
* and PKCS#1 says we should reject any other value anyway.
*/
if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1)
{
RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
goto err;
}
/* We have all parameters now set up context */
if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))