RSA PSS: remove redundant check; changelog Remove a check introduced in the previous buffer overflow fix with keys of size 8N+1 which the subsequent fix for buffer start calculations made redundant. Added a changelog entry for the buffer start calculation fix.

commit: 9745cfd87d53c8c1752ff688c55ca7ab00efe4ce [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Oct 19 17:46:14 2017 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 23 14:49:43 2017 +0200
tree: f9c46de9570c81d21d1fa7dac1140c80cd4dddfc
parent: 31a2d14b92be6bbf66f3103bbdb04fb3aa26d72f [diff]
diff --git a/ChangeLog b/ChangeLog
index 51c002c..487a59a 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -10,6 +10,8 @@
      data is all zeros.
 
 Bugfix
+   * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
+     accepted. Generating these signatures required the private key.
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
 

diff --git a/library/rsa.c b/library/rsa.c
index d923bc9..d2bddf6 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -1405,8 +1405,7 @@
     while( p < hash_start - 1 && *p == 0 )
         p++;
 
-    if( p == hash_start ||
-        *p++ != 0x01 )
+    if( *p++ != 0x01 )
     {
         mbedtls_md_free( &md_ctx );
         return( MBEDTLS_ERR_RSA_INVALID_PADDING );
commit	9745cfd87d53c8c1752ff688c55ca7ab00efe4ce	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Oct 19 17:46:14 2017 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Oct 23 14:49:43 2017 +0200
tree	f9c46de9570c81d21d1fa7dac1140c80cd4dddfc
parent	31a2d14b92be6bbf66f3103bbdb04fb3aa26d72f [diff]