[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Mon Mar 13 21:12:00 UTC 2017

The branch OpenSSL_1_0_2-stable has been updated
       via  04cf39207f94abf89b3964c7710f22f829a1a78f (commit)
      from  d843779ddf77aec75bcbc4666bc1fdeb9b120fe4 (commit)


- Log -----------------------------------------------------------------
commit 04cf39207f94abf89b3964c7710f22f829a1a78f
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Wed Mar 8 18:53:36 2017 +0100

    Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1
    and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2881)
    
    (cherry picked from commit e653b6cd74f70c04b0b96b07df00680b427603af)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_pss.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 41bc084..2c3fd73 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -122,7 +122,11 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         EM++;
         emLen--;
     }
-    if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
         RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
         goto err;
     }
@@ -222,9 +226,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
         *EM++ = 0;
         emLen--;
     }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
     if (sLen == -2) {
         sLen = emLen - hLen - 2;
-    } else if (emLen < (hLen + sLen + 2)) {
+    } else if (sLen > emLen - hLen - 2) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
         goto err;
