Add explicit length check on OAEP input

author: Peter Dettman <peter.dettman@bouncycastle.org> 2017-06-09 12:58:17 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2017-06-09 12:58:17 +0700
commit: b5b1ad3e9abdaada947513b5a4940e93c4aae210 (patch)
tree: 60ef6c08160cfecd581a1a2a906b1836d0e454ab /crypto
parent: Comments (diff)
download: BouncyCastle.NET-ed25519-b5b1ad3e9abdaada947513b5a4940e93c4aae210.tar.xz
2 files changed, 27 insertions, 4 deletions
diff --git a/crypto/src/crypto/encodings/OaepEncoding.cs b/crypto/src/crypto/encodings/OaepEncoding.cs
index cb23b1710..9f5c563c2 100644
--- a/crypto/src/crypto/encodings/OaepEncoding.cs
+++ b/crypto/src/crypto/encodings/OaepEncoding.cs
@@ -137,6 +137,8 @@ namespace Org.BouncyCastle.Crypto.Encodings
             int		inOff,
             int		inLen)
         {
+            Check.DataLength(inLen > GetInputBlockSize(), "input data too long");
+
             byte[] block = new byte[GetInputBlockSize() + 1 + 2 * defHash.Length];
 
             //
diff --git a/crypto/test/src/crypto/test/RsaTest.cs b/crypto/test/src/crypto/test/RsaTest.cs
index c343f0ba5..d0cbedace 100644
--- a/crypto/test/src/crypto/test/RsaTest.cs
+++ b/crypto/test/src/crypto/test/RsaTest.cs
@@ -192,13 +192,34 @@ namespace Org.BouncyCastle.Crypto.Tests
 			{
 				Fail("failed OAEP Test");
 			}
-		}
 
-		// TODO Move this when other JCE tests are ported from Java
-		/**
+            // check for oversized input
+            byte[] message = new byte[87];
+            RsaEngine rsaEngine = new RsaEngine();
+            IAsymmetricBlockCipher cipher = new OaepEncoding(rsaEngine, new Sha1Digest(), new Sha1Digest(), message);
+            cipher.Init(true, new ParametersWithRandom(pubParameters, new SecureRandom()));
+
+            try
+            {
+                cipher.ProcessBlock(message, 0, message.Length);
+
+                Fail("no exception thrown");
+            }
+            catch (DataLengthException e)
+            {
+                IsTrue("message mismatch", "input data too long".Equals(e.Message));
+            }
+            catch (InvalidCipherTextException e)
+            {
+                Fail("failed - exception " + e.ToString(), e);
+            }
+        }
+
+        // TODO Move this when other JCE tests are ported from Java
+        /**
 		 * signature with a "forged signature" (sig block not at end of plain text)
 		 */
-		private void doTestBadSig()//PrivateKey priv, PublicKey pub)
+        private void doTestBadSig()//PrivateKey priv, PublicKey pub)
 		{
 //			Signature           sig = Signature.getInstance("SHA1WithRSAEncryption", "BC");
 			ISigner sig = SignerUtilities.GetSigner("SHA1WithRSAEncryption");
author	Peter Dettman <peter.dettman@bouncycastle.org>	2017-06-09 12:58:17 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2017-06-09 12:58:17 +0700
commit	b5b1ad3e9abdaada947513b5a4940e93c4aae210 (patch)
tree	60ef6c08160cfecd581a1a2a906b1836d0e454ab /crypto
parent	Comments (diff)
download	BouncyCastle.NET-ed25519-b5b1ad3e9abdaada947513b5a4940e93c4aae210.tar.xz