summaryrefslogtreecommitdiff
path: root/thirdparty/openssl/crypto/rsa/rsa_pss.c
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/openssl/crypto/rsa/rsa_pss.c')
-rw-r--r--thirdparty/openssl/crypto/rsa/rsa_pss.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/thirdparty/openssl/crypto/rsa/rsa_pss.c b/thirdparty/openssl/crypto/rsa/rsa_pss.c
index 41bc0844e4..2c3fd73b09 100644
--- a/thirdparty/openssl/crypto/rsa/rsa_pss.c
+++ b/thirdparty/openssl/crypto/rsa/rsa_pss.c
@@ -122,7 +122,11 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
EM++;
emLen--;
}
- if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */
+ if (emLen < hLen + 2) {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+ goto err;
+ }
+ if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
goto err;
}
@@ -222,9 +226,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
*EM++ = 0;
emLen--;
}
+ if (emLen < hLen + 2) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ goto err;
+ }
if (sLen == -2) {
sLen = emLen - hLen - 2;
- } else if (emLen < (hLen + sLen + 2)) {
+ } else if (sLen > emLen - hLen - 2) {
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
goto err;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 17:03:12 +0000