From: Dr. Stephen Henson Date: Mon, 9 Mar 2015 23:16:33 +0000 (+0000) Subject: Reject invalid PSS parameters. X-Git-Tag: OpenSSL_1_1_0-pre1~1512 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=09f06923e636019c39c807cb59c481375e720556;p=oweals%2Fopenssl.git Reject invalid PSS parameters. Fix a bug where invalid PSS parameters are not rejected resulting in a NULL pointer exception. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Brian Carpenter for reporting this issues. CVE-2015-0208 Reviewed-by: Tim Hudson --- diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 5e8701ac0a..6f4c104858 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -703,9 +703,10 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); return -1; } - if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey)) + if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) { /* Carry on */ return 2; + } return -1; }