- Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41)

commit: 1fe7d9baf9daebce874fcc18d31b823bc186317a [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Tue Nov 15 15:26:03 2011 +0000
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Nov 15 15:26:03 2011 +0000
tree: ae6eecdbee468dc5461f963193d0d45360f98a87
parent: cebdf17159b5f2f63338a27faaff06e4df94396f [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index 488d17c..de8e765 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -818,6 +818,7 @@
     unsigned char *p, c;
     unsigned char buf[1024];
 #if defined(POLARSSL_PKCS1_V21)
+    unsigned char result[POLARSSL_MD_MAX_SIZE];
     unsigned char zeros[8];
     unsigned int hlen;
     size_t slen, msb;
@@ -994,9 +995,9 @@
             md_update( &md_ctx, zeros, 8 );
             md_update( &md_ctx, hash, hashlen );
             md_update( &md_ctx, p, slen );
-            md_finish( &md_ctx, p );
+            md_finish( &md_ctx, result );
 
-            if( memcmp( p, p + slen, hlen ) == 0 )
+            if( memcmp( p + slen, result, hlen ) == 0 )
                 return( 0 );
             else
                 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
commit	1fe7d9baf9daebce874fcc18d31b823bc186317a	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Tue Nov 15 15:26:03 2011 +0000
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Nov 15 15:26:03 2011 +0000
tree	ae6eecdbee468dc5461f963193d0d45360f98a87
parent	cebdf17159b5f2f63338a27faaff06e4df94396f [diff] [blame]