On Fri, Jun 9, 2017 at 11:01 PM, Niels Möller nisse@lysator.liu.se wrote:
Daiki Ueno ueno@gnu.org writes:
If this EM is the same EM recovered when verifying the signature, then it must still correspond to an integer of size at most modBits - 1.
Yes, that seems to be correct, as both EMSA-PSS-ENCODE and EMSA-PSS-VERIFY takes emBits (= modBits - 1), which is defined as "maximal bit length of the integer OS2IP (EM)".
I am sorry for the confusion.
No problem, thanks for the bug report and patch.
I've now committed your patch with some reorganization of this part (I added a bit-size check, and turned the later, supposedly redundant, check on leading bits to an assert) and minor changes to the test case.
Pushed to the master-updates branch, please have a look and see if you think I got it right.
As for the locked up report on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132, I've read up a bit on oss-fuzz policy, and I'd expect it to be made publicly viewable a month after the bug is fixed or three months after original filing, whichever happens first. If you like, you could add me to the cc list on the report, then I may be able to access it right away (I haven't yet been able to see it).
I do not think it is possible to be added in CC for one bug only (at least I cannot find that in the interface). You either get added (and receive) to all found gnutls bugs, or none. I have created a mirror of the original bug with a valgrind trace to: https://gitlab.com/gnutls/gnutls/issues/214
regards, Nikos