From a907165250428fb06cc7a12d75274a9bbf7fe126 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 11 Mar 2010 23:11:36 +0000 Subject: [PATCH] Submitted by: Martin Kaiser Reject PSS signatures with unsupported trailer value. --- crypto/rsa/rsa_ameth.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 4daeca18a9..6f790c2548 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -530,6 +530,15 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, else saltlen = 20; + /* low-level routines support only trailer field 0xbc (value 1) + * and PKCS#1 says we should reject any other value anyway. + */ + if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) + { + RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER); + goto err; + } + /* We have all parameters now set up context */ if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) -- 2.25.1