Fix bounds check in RSA_verify_PKCS1_PSS_mgf1 when sLen is -2.

(Imported from upstream's 04cf39207f94abf89b3964c7710f22f829a1a78f.)

The other half of the change was fixed earlier, but this logic was still
off. This code is kind of a mess and needs a rewrite, but import the
change to get it correct and sufficiently tested first.

(If we could take the sLen = -2 case away altogether, that would be
great...)

Change-Id: I5786e980f26648822633fc216315e8f77ed4d45b
Reviewed-on: https://boringssl-review.googlesource.com/14321
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/evp/evp_tests.txt b/crypto/evp/evp_tests.txt
index 1d57bd5..48121f9 100644
--- a/crypto/evp/evp_tests.txt
+++ b/crypto/evp/evp_tests.txt
@@ -277,14 +277,13 @@
 Output = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 Error = DATA_TOO_LARGE
 
-# TODO(davidben): Add this as a regression test once upstream's fix is imported.
-# Verify = RSA-512
-# RSAPadding = PSS
-# PSSSaltLength = -2
-# Digest = SHA512
-# Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
-# Output = 457001d9ca50a93385fc5ec721c9dbbe7a0f2e9e4a2f846a30a8811dde66347b83901c7492039243537c7a667fafffd69049bcbd36afd0010d9b425e2d8785c1
-# Error = DATA_TOO_LARGE
+Verify = RSA-512
+RSAPadding = PSS
+PSSSaltLength = -2
+Digest = SHA512
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output = 457001d9ca50a93385fc5ec721c9dbbe7a0f2e9e4a2f846a30a8811dde66347b83901c7492039243537c7a667fafffd69049bcbd36afd0010d9b425e2d8785c1
+Error = DATA_TOO_LARGE
 
 
 # RSA decrypt
diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c
index 3ed19ad..678457b 100644
--- a/crypto/rsa/padding.c
+++ b/crypto/rsa/padding.c
@@ -530,7 +530,7 @@
     EM++;
     emLen--;
   }
-  if (emLen < ((int)hLen + sLen + 2)) {
+  if (emLen < (int)hLen + 2 || emLen < ((int)hLen + sLen + 2)) {
     /* sLen can be small negative */
     OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
     goto err;
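Review bot: The second clause of the new condition still computes `(int)hLen + sLen + 2` in signed `int`, so a large positive `sLen` would overflow (undefined behaviour) before the comparison; whether any caller can pass such a value is not visible in this hunk. When the first clause is false, `emLen >= hLen + 2` already holds, so the same bound can be written subtractively without overflow: `if (emLen < (int)hLen + 2 || sLen > emLen - (int)hLen - 2) {`. The comment `/* sLen can be small negative */` should also say why the standalone minimum exists, for example `/* sLen may be -2 here, so the hLen + 2 minimum must be enforced separately from the salt-length bound. */`. The enclosing function starts and ends outside the hunk, so the later uses of `emLen - hLen` should be checked against this guard.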