Closed Bug 2019357 Opened 24 days ago Closed 17 days ago

RSA_EMSAEncodePSS should validate the length of mHash

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: keeler, Assigned: keeler)

Details

Attachments

(1 file)

Bug 2019357 - RSA_EMSAEncodePSS should validate the length of mHash r?nkulatova 24 days ago Dana Keeler (she/her) [:keeler] 48 bytes, text/x-phabricator-request		Details \| Review

Dana Keeler (she/her) [:keeler]

Assignee

Description

•

24 days ago

RSA_EMSAEncodePSS takes the hash of the message as an argument (mHash). However, it's possible for the caller to provide an insufficiently-long buffer for this argument (see bug 2018983). Callers of RSA_EMSAEncodePSS know how long that buffer is, so they should provide the length so it can validate it. (Admittedly, in the RSA_SignPSS case, the hash length is ultimately provided by the caller anyway, so this is really more of a belt-and-suspenders kind of thing.)

Dana Keeler (she/her) [:keeler]

Assignee

Comment 1

•

24 days ago

Attached file Bug 2019357 - RSA_EMSAEncodePSS should validate the length of mHash r?nkulatova — Details

Pulsebot

Comment 2

•

17 days ago

Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/projects/nss/rev/ff8b08f1808b
RSA_EMSAEncodePSS should validate the length of mHash r=nkulatova

Status: ASSIGNED → RESOLVED

Closed: 17 days ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

RSA_EMSAEncodePSS should validate the length of mHash

Categories

(NSS :: Libraries, defect)

Tracking

(Not tracked)

People

(Reporter: keeler, Assigned: keeler)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Attachment

General

Description

File Name

Content Type