Added more negative test cases for pkcs1_rsassa_pss_sign
- removed the check on saltlen > 0 and added tests
positive test cases for this.
- added negative test cases where even saltlen == 0
is not enough. This uncovered an underflow bug
in the slen check (when olen-slen-2 is negative)
- fixed the saltlen check to avoid underflow
- added more test cases where saltlen is the maximum
possible value and one above the maximum possible value
(different hash, different key size)
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
diff --git a/library/rsa.c b/library/rsa.c
index 4958cad..0be5b0a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1812,8 +1812,6 @@
hashlen == 0 ) ||
hash != NULL );
RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( saltlen == MBEDTLS_RSA_SALT_LEN_ANY ||
- saltlen > 0 );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1856,7 +1854,7 @@
else
slen = olen - hlen - 2;
}
- else if ( (saltlen < 0) || ((size_t) saltlen > olen - hlen - 2) )
+ else if ( (saltlen < 0) || (saltlen + hlen + 2 > olen) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
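Review bot: The rewritten bound check on the `else if` line drops the explicit `(size_t)` cast the old line had, so `saltlen + hlen + 2 > olen` now relies on implicit conversion of the signed `saltlen` to the unsigned type of `hlen`/`olen` (their declarations are outside this hunk, so that is inferred). The comparison is only sound because `saltlen < 0` short-circuits first, and the mixed-sign arithmetic may trip sign-conversion warnings. I would keep the cast and record why the sum form is used: `else if ( (saltlen < 0) || ((size_t) saltlen + hlen + 2 > olen) )`, preceded by `/* compare as a sum: olen - hlen - 2 wraps when olen < hlen + 2 */`. The enclosing function starts and ends outside the hunk.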