rsa: Re-enable use of zero-length null output
After merging the latest RSA implementation from Mbed TLS, we have a regression in that we no longer properly handle zero-length null output in PKCS1 v1.5 decryption. Prevent undefined behavior by avoiding a memcpy() to zero-length null output buffers.
This commit is contained in:
Jaeden Amero
parent
68933640f5
commit
4728469f53
1 changed files with 9 additions and 3 deletions
|
|
@ -1624,8 +1624,14 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
plaintext_max_size,
|
plaintext_max_size,
|
||||||
plaintext_max_size - plaintext_size );
|
plaintext_max_size - plaintext_size );
|
||||||
|
|
||||||
/* Finally copy the decrypted plaintext plus trailing zeros
|
/* Finally copy the decrypted plaintext plus trailing zeros into the output
|
||||||
* into the output buffer. */
|
* buffer. If output_max_len is 0, then output may be an invalid pointer
|
||||||
|
* and the result of memcpy() would be undefined; prevent undefined
|
||||||
|
* behavior making sure to depend only on output_max_len (the size of the
|
||||||
|
* user-provided output buffer), which is independent from plaintext
|
||||||
|
* length, validity of padding, success of the decryption, and other
|
||||||
|
* secrets. */
|
||||||
|
if( output_max_len != 0 )
|
||||||
memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
|
memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
|
||||||
|
|
||||||
/* Report the amount of data we copied to the output buffer. In case
|
/* Report the amount of data we copied to the output buffer. In case
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue