Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted

* restricted/iotssl-1138-rsa-padding-check-restricted: RSA PKCS1v1.5 verification: check padding length
2025-07-29 11:41:15 +03:00 · 2017-06-08 20:31:06 +02:00
parent a0bf6ecfc3 c1380de887
commit b86b143030
3 changed files with 11 additions and 1 deletions
--- a/library/rsa.c
+++ b/library/rsa.c
@ -1499,7 +1499,11 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
        p++;
    }
-    p++;
+    p++; /* skip 00 byte */
+
+    /* We've read: 00 01 PS 00 where PS must be at least 8 bytes */
+    if( p - buf < 11 )
+        return( MBEDTLS_ERR_RSA_INVALID_PADDING );

    len = siglen - ( p - buf );