From de5499a73eb82e49da841144ea7d8a51892fb9b0 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 9 Aug 2016 16:11:26 +0200
Subject: gcrypt: backported PKCS#1 size check on verification

This backports 7730c6cba3e4d5e1d2c4acf3f433125910635a6e in libgcrypt code.
---
 lib/gcrypt/pk.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c
index b1ce8f9409..26f7eef05e 100644
--- a/lib/gcrypt/pk.c
+++ b/lib/gcrypt/pk.c
@@ -412,6 +412,7 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
 int rc = -1, ret;
 bigint_t hash;
 bigint_t tmp[2] = { NULL, NULL };
+ unsigned pub_size;
 
 if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
 {
@@ -479,6 +480,11 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
 break;
 
 case GNUTLS_PK_RSA:
+ pub_size = (_gnutls_mpi_get_nbits(pk_params->params[0])+7)/8;
+
+ if (signature->size != pub_size)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
 ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
 if (ret < 0)
 {
-- 
cgit v1.2.1
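Review bot: The early `return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);` added in the GNUTLS_PK_RSA case of the second hunk exits while `hash` is still held; the first hunk shows it being allocated by `_gnutls_mpi_scan_nz (&hash, ...)` at the top of the function. Anything built between the two hunks (not visible here) would be left behind as well. Because `signature->size` comes from the data being verified, untrusted input can reach this path, so every wrong-length signature would leak memory. Assigning `ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);` and leaving through the function's common release path, as the `if (ret < 0)` branch right below presumably does, would avoid that. A short comment such as `/* PKCS#1: the signature must be exactly as long as the modulus */` would also document the check, and the function body starts before and continues after both hunks, so the release path itself should be confirmed against the full file.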