RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.
Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
diff --git a/library/rsa.c b/library/rsa.c
index 40ea642..db078d9 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1369,6 +1369,8 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
+ if( siglen < hlen + 2 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
slen = siglen - hlen - 1; /* Currently length of salt + padding */
memset( zeros, 0, 8 );