Commit 09f06923 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson Committed by Matt Caswell
Browse files

Reject invalid PSS parameters. 



Fix a bug where invalid PSS parameters are not rejected resulting in a
NULL pointer exception. This can be triggered during certificate
verification so could be a DoS attack against a client or a server
enabling client authentication.

Thanks to Brian Carpenter for reporting this issues.

CVE-2015-0208

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
parent 8106d61c

crypto/rsa/rsa_ameth.c

+2 −1
Original line number Diff line number Diff line
@@ -703,9 +703,10 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 
        RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);

        return -1;

    }

    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))

    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {

        /* Carry on */

        return 2;

    }

    return -1;

}