fix pkcs_1_v1_5_decode() when empty message

SOuajih · sjaeckel · commit caf350028833 · 2023-03-31T14:21:01.000+02:00
In case of EME-PKCS1-v1_5 decoding, the encoded message format is as follow : EM = 0x00 || 0x02 || PS || 0x00 || M. When using an empty message, the 0x00 octet that separates the padding string and message is located at the end. Thus, update the condition to pass the check in case of empty message. This fixes the following AOSP cts test: Module: CtsKeystoreTestCases Test: testEmptyPlaintextEncryptsAndDecrypts Link: https://android.googlesource.com/platform/cts/+/refs/tags/android-cts-12.0_r6/tests/tests/keystore/src/android/keystore/cts/CipherTest.java Signed-off-by: Safae Ouajih <souajih@baylibre.com>
diff --git a/src/pk/pkcs1/pkcs_1_v1_5_decode.c b/src/pk/pkcs1/pkcs_1_v1_5_decode.c
@@ -58,7 +58,7 @@ int pkcs_1_v1_5_decode(const unsigned char *msg,
     }
     ps_len = i++ - 2;
 
-    if (i >= modulus_len) {
+    if (i > modulus_len) {
       /* There was no octet with hexadecimal value 0x00 to separate ps from m.
        */
       result = CRYPT_INVALID_PACKET;

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ int pkcs_1_v1_5_decode(const unsigned char *msg,`
`58`	`58`	`}`
`59`	`59`	`ps_len = i++ - 2;`
`60`	`60`
`61`		`- if (i >= modulus_len) {`
	`61`	`+ if (i > modulus_len) {`
`62`	`62`	`/* There was no octet with hexadecimal value 0x00 to separate ps from m.`
`63`	`63`	`*/`
`64`	`64`	`result = CRYPT_INVALID_PACKET;`