libtom / libtomcrypt

LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
https://www.libtom.net

pkcs_1_pss_decode.c #638

Closed headscott closed 7 months ago

headscott commented 7 months ago

I encountered a problem in pkcs_1_pss_decode. It's located at src/pk/pkcs1/pkcs_1_pss_decode.c

While doing some changes for a TLS project I used eduardsui/tlse (from Github) and found a problem in parsing the certificate verify packet. eduardsui used this library for calculating values and to verify data from TLS packets. The parse method used your pkcs_1_pss_decode. Inside this method it fails in the following part:

```c
for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) {
    if (DB[x] != 0x00) {
        err = CRYPT_INVALID_PACKET;
        goto LBL_ERR;
    }
}
```

and returns the error CRYPT_INVALID_PACKET. I am not sure exactly where the problem is, but I found out that salt is allocated inside this method but never used. There are just some comments where salt is mentioned, but there is no usage. Could this be the problem? And if not, can you just remove the lines where salt is allocated, freed and zeroed?

Thanks in advance. F. T.

sjaeckel commented 7 months ago

Hi,

you're right, salt is allocated and never used, but that's not the problem.

Removing the verification that PS starts with 0x0 is absolutely no option.

Looking at the calling code and the TLS RFC I suspect that the salt length is wrong.

Here's a potential patch 0001-Fix-length-of-the-salt.patch.txt which could probably solve the issue, but I couldn't get tlssimple.c to connect to something since the certificates fail to load or I don't know what, so I couldn't test it. (Looks like I'm hitting https://github.com/eduardsui/tlse/issues/88 as well).

Please get this sorted out with @eduardsui

headscott commented 7 months ago

Hey,

I fixed these lines now. It doesn't fail anymore in the check for DB == 0x00, but it fails here:

```c
if (XMEMCMP(mask, hash, hLen) == 0) {
    *res = 1;
}
```

I am not sure if this is a problem of the TLS code or of the pkcs_1_pss_decode method. I would be very happy if you could help me here again. @eduardsui has not been answering for months.

headscott commented 7 months ago

I found the solution, by the way. Thank you anyway. If you are interested in the solution, look at https://github.com/eduardsui/tlse/issues/89, where I commented with the solution for that issue.
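The two checks that failed in this thread, the zero-PS check in the first comment and the final hash comparison in the later one, are consecutive steps of EMSA-PSS-VERIFY (RFC 8017 section 9.1.2). The following is an added, self-contained Python implementation of EMSA-PSS encode and verify; it is not libtomcrypt's or tlse's code, and the function names are mine. It assumes SHA-256 with MGF1, a 2048-bit modulus (emBits = 2047), a constructed message hash, and a signer that uses a salt as long as the digest, which is what TLS 1.3 (RFC 8446 section 4.2.3) requires for RSA-PSS. It shows that a salt-length mismatch between signer and verifier is caught at the PS/separator check, while a mismatched message hash gets past that check and is only caught by the final hash comparison.

```python
import hashlib
import os
from typing import Optional

HASH = hashlib.sha256          # assumption: SHA-256 for both the message hash and MGF1
H_LEN = HASH().digest_size     # hLen = 32


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 (RFC 8017 B.2.1): concatenate Hash(seed || counter) until mask_len bytes."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def emsa_pss_encode(m_hash: bytes, em_bits: int, s_len: int,
                    salt: Optional[bytes] = None) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1). Returns EM of ceil(em_bits/8) octets."""
    em_len = (em_bits + 7) // 8
    if em_len < H_LEN + s_len + 2:
        raise ValueError("encoding error: modulus too small for hash + salt")
    if salt is None:
        salt = os.urandom(s_len)
    if len(salt) != s_len:
        raise ValueError("salt length does not match s_len")
    m_prime = bytes(8) + m_hash + salt            # M' = 8 zero octets || mHash || salt
    h = HASH(m_prime).digest()                    # H = Hash(M')
    ps = bytes(em_len - s_len - H_LEN - 2)        # PS = emLen - sLen - hLen - 2 zero octets
    db = ps + b"\x01" + salt                      # DB = PS || 0x01 || salt
    db_mask = mgf1(h, em_len - H_LEN - 1)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    clear_bits = 8 * em_len - em_bits             # clear the leftmost unused bits
    masked_db[0] &= 0xFF >> clear_bits
    return bytes(masked_db) + h + b"\xbc"         # EM = maskedDB || H || 0xbc


def emsa_pss_verify(m_hash: bytes, em: bytes, em_bits: int, s_len: int) -> str:
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2). Returns 'consistent' or names the failing step."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < H_LEN + s_len + 2:
        return "inconsistent: length"
    if em[-1] != 0xBC:
        return "inconsistent: trailer"
    masked_db = em[: em_len - H_LEN - 1]
    h = em[em_len - H_LEN - 1 : -1]
    clear_bits = 8 * em_len - em_bits
    if masked_db[0] & ~(0xFF >> clear_bits) & 0xFF:
        return "inconsistent: leading bits"
    db_mask = mgf1(h, em_len - H_LEN - 1)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= 0xFF >> clear_bits
    # This is the check from the thread: PS (emLen - hLen - sLen - 2 octets) must be all
    # zero and must be followed by the 0x01 separator. A wrong sLen shifts where the
    # verifier expects the separator, so the check fails even for a genuine signature.
    ps_len = em_len - H_LEN - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return "inconsistent: PS/separator"
    salt = bytes(db[-s_len:]) if s_len else b""
    m_prime = bytes(8) + m_hash + salt
    # The final comparison (H' == H): reached only after PS and the separator check out.
    if HASH(m_prime).digest() != h:
        return "inconsistent: hash"
    return "consistent"


def demo() -> dict:
    """Constructed scenario: 2048-bit modulus, signer uses sLen = hLen as TLS 1.3 requires."""
    em_bits = 2047                                # modBits - 1 for a 2048-bit modulus
    m_hash = HASH(b"constructed CertificateVerify transcript").digest()   # constructed input
    em = emsa_pss_encode(m_hash, em_bits, s_len=H_LEN, salt=bytes(range(H_LEN)))
    other_hash = HASH(b"tampered transcript").digest()                    # constructed input
    return {
        "correct": emsa_pss_verify(m_hash, em, em_bits, s_len=H_LEN),
        "wrong_salt_len": emsa_pss_verify(m_hash, em, em_bits, s_len=20),
        "wrong_message": emsa_pss_verify(other_hash, em, em_bits, s_len=H_LEN),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The verifier has no way to learn the salt length from EM itself, so it has to be agreed out of band; for TLS 1.3 that agreement is "salt length equals digest length", which is why a caller that passes a different value to the decode routine fails exactly at the PS check discussed above rather than at the hash comparison.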