authorNiels Möller <nisse@lysator.liu.se>2021-05-06 21:30:23 +0200
committerNiels Möller <nisse@lysator.liu.se>2021-06-08 21:29:50 +0200
commitfd6d9ba7ca92912762c072fcf74490bc5d63d633 (patch)
tree567f13b9c947355077c8bf02845f651138b6fc98 /pkcs1-sec-decrypt.c
parenta46a17e9f57c64984d5246aa3475e45f8c562ec7 (diff)
Add check that message length to _pkcs1_sec_decrypt is valid.
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message length is valid, for given key size. * testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for calls to rsa_sec_decrypt specifying a too large message length. (cherry picked from commit 7616541e6eff73353bf682c62e3a68e4fe696707)
Diffstat (limited to 'pkcs1-sec-decrypt.c')
-rw-r--r--pkcs1-sec-decrypt.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/pkcs1-sec-decrypt.c b/pkcs1-sec-decrypt.c
index 4f13080e..16833691 100644
--- a/pkcs1-sec-decrypt.c
+++ b/pkcs1-sec-decrypt.c
@@ -63,7 +63,9 @@ _pkcs1_sec_decrypt (size_t length, uint8_t *message,
volatile int ok;
size_t i, t;
- assert (padded_message_length >= length);
+ /* Message independent branch */
+ if (length + 11 > padded_message_length)
+ return 0;
t = padded_message_length - length - 1;
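Review bot: The added guard `if (length + 11 > padded_message_length)` can wrap around when `length` is within 11 of `SIZE_MAX`; the test then passes and `t = padded_message_length - length - 1` on the following line underflows, which is the case the check is meant to exclude. An overflow-free form that still branches only on the two lengths is `if (padded_message_length < 11 || length > padded_message_length - 11) return 0;`. The comment could also say why an early return is acceptable here and where the constant comes from, for example `/* Branch depends only on the lengths, never on padded_message contents; 11 is presumably the minimum PKCS#1 v1.5 overhead: 0x00, 0x02, 8 padding bytes, 0x00 */`. The body of `_pkcs1_sec_decrypt` begins before and continues after this hunk, so how `t` is used afterwards is not visible here.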