]> Cypherpunks.ru repositories - gostls13.git/blobdiff - src/crypto/rsa/pkcs1v15.go
projects / gostls13.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[dev.boringcrypto] all: merge master into dev.boringcrypto
[gostls13.git] / src / crypto / rsa / pkcs1v15.go
diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go
index 6bd16f529daaef5d76ad52c1c4878c20781a9d60..27278cd8dabc187846eedd5e285789e923c92537 100644 (file)
--- a/src/crypto/rsa/pkcs1v15.go
+++ b/src/crypto/rsa/pkcs1v15.go
@@ -341,6 +341,13 @@ func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte)
                return ErrVerification
        }
 
+       // RFC 8017 Section 8.2.2: If the length of the signature S is not k
+       // octets (where k is the length in octets of the RSA modulus n), output
+       // "invalid signature" and stop.
+       if k != len(sig) {
+               return ErrVerification
+       }
+
        c := new(big.Int).SetBytes(sig)
        m := encrypt(new(big.Int), pub, c)
        em := leftPad(m.Bytes(), k)
Go GOST TLS 1.3