Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added signature length check for RSA PSS signature verification. #11310

Closed
wants to merge 1 commit into from

Commits on Mar 18, 2020

  1. Add length check for RSA PKCS1 Decryption and Signature Verification

    According to RFC8017
    https://tools.ietf.org/html/rfc8017
    
    The first step of signature verification for RSASSA-PKCS1-v1_5 and RSASSA-PSS
    1.  Length checking: If the length of the signature S is not k
              octets, output "invalid signature" and stop.
    
    The first step of Decryption
    RSAES-OAEP
    1.  Length checking:
        b.  If the length of the ciphertext C is not k octets, output
            "decryption error" and stop.
    RSAES-PKCS1-v1_5
    1.  Length checking: If the length of the ciphertext C is not k
        octets (or if k < 11), output "decryption error" and stop.
    
    This patch
    - adds length check in rsa_ossl_public_decrypt
    - adds length check in rsa_ossl_private_decrypt
    - removes obselete SSL_R_WRONG_SIGNATURE_LENGTH
    - removes obselete RSA_R_DATA_GREATER_THAN_MOD_LEN
    - removes duplicated checks
    - added test-case that verifies X509 cert with signature with trucated leading 0's
    avgrygoriev committed Mar 18, 2020
    Configuration menu
    Copy the full SHA
    e4d6634 View commit details
    Browse the repository at this point in the history