From: Dr. Stephen Henson
Date: Thu, 11 Mar 2010 23:11:36 +0000 (+0000)
Subject: Submitted by: Martin Kaiser
X-Git-Tag: OpenSSL-fips-2_0-rc1~1191
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a907165250428fb06cc7a12d75274a9bbf7fe126;p=openssl

Submitted by: Martin Kaiser
Reject PSS signatures with unsupported trailer value.
---
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 4daeca18a9..6f790c2548 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -530,6 +530,15 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
 else
 saltlen = 20;

+ /* low-level routines support only trailer field 0xbc (value 1)
+ * and PKCS#1 says we should reject any other value anyway.
+ */
+ if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1)
+ {
+ RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
+ goto err;
+ }
+
 /* We have all parameters now set up context */
 if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))