7862de7a64946fc9cc4a9f574778bafd387f5dd0
1 From 6c5be116dd6997f68e524247751cff53c74519d7 Mon Sep 17 00:00:00 2001
2 From: Jouni Malinen <jouni@qca.qualcomm.com>
3 Date: Mon, 19 May 2014 23:26:43 +0300
4 Subject: [PATCH] PKCS #1: Enforce minimum padding for decryption in
5 internal TLS
6
7 Follow the PKCS #1 v1.5, 8.1 constraint that PS be at least eight octets
8 long for the case where the internal TLS implementation decrypts PKCS #1
9 formatted data. A similar limit was already in place for signature
10 validation, but not for this decryption routine.
11
12 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
13 ---
14 src/tls/pkcs1.c | 5 +++++
15 1 file changed, 5 insertions(+)
16
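--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -113,6 +113,11 @@ int pkcs1_v15_private_key_decrypt(struct crypto_rsa_key *key,
 pos++;
 if (pos == end)
 return -1;
+ if (pos - out - 2 < 8) {
+ /* PKCS #1 v1.5, 8.1: At least eight octets long PS */
+ wpa_printf(MSG_INFO, "LibTomCrypt: Too short padding");
+ return -1;
+ }
 pos++;
 
 *outlen -= pos - out;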
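Review bot: The new `pos - out - 2 < 8` branch adds one more distinguishable failure path to PKCS #1 v1.5 decryption (its own early `return -1` plus a `wpa_printf`), and nothing in the hunk documents how callers must treat it. If the internal TLS caller reacts differently to this failure than to the other `-1` returns, or the difference is observable to the peer, that is the signal a padding-oracle weakness depends on; the caller is not visible here, so this is something to confirm rather than a finding. I would add a comment above the check such as `/* All padding failures must look identical to the peer; callers must not distinguish this -1 from the others */`. The log tag is also misleading for src/tls/pkcs1.c, and `wpa_printf(MSG_INFO, "PKCS #1: Too short padding");` would match the file. pkcs1_v15_private_key_decrypt starts and ends outside the hunk.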
33 --
34 2.0.0.rc2
35