fix RSA signature padding vulnerability in OpenSSL libcrypto CVE-2006-4339;

ok beck@ miod@
author: djm <> 2006-09-09 00:11:03 +0000
committer: djm <> 2006-09-09 00:11:03 +0000
commit: fa64073760b61d01b343d6fa820c1e1beb8a76eb (patch)
tree: 55e3d41e7a6b6e58774278969fe4be45b668e31c
parent: 4e39a5cd7fc51a2d60767923722b03e707cd2a62 (diff)
download: openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.tar.gz
openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.tar.bz2
openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.zip
2 files changed, 34 insertions, 0 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index cee09eccb1..db86f1ac58 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                sig=d2i_X509_SIG(NULL,&p,(long)i);
                if (sig == NULL) goto err;
+                /* Excess data can be used to create forgeries */
+                if(p != s+i)
+                        {
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        goto err;
+                        }
+                /* Parameters to the signature algorithm can also be used to
+                   create forgeries */
+                if(sig->algor->parameter
+                   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
+                        {
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        goto err;
+                        }
                sigtype=OBJ_obj2nid(sig->algor->algorithm);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index cee09eccb1..db86f1ac58 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                sig=d2i_X509_SIG(NULL,&p,(long)i);
                if (sig == NULL) goto err;
+                /* Excess data can be used to create forgeries */
+                if(p != s+i)
+                        {
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        goto err;
+                        }
+                /* Parameters to the signature algorithm can also be used to
+                   create forgeries */
+                if(sig->algor->parameter
+                   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
+                        {
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        goto err;
+                        }
                sigtype=OBJ_obj2nid(sig->algor->algorithm);
author	djm <>	2006-09-09 00:11:03 +0000
committer	djm <>	2006-09-09 00:11:03 +0000
commit	fa64073760b61d01b343d6fa820c1e1beb8a76eb (patch)
tree	55e3d41e7a6b6e58774278969fe4be45b668e31c
parent	4e39a5cd7fc51a2d60767923722b03e707cd2a62 (diff)
download	openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.tar.gz openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.tar.bz2 openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.zip

diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index cee09eccb1..db86f1ac58 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
185	sig=d2i_X509_SIG(NULL,&p,(long)i);	185	sig=d2i_X509_SIG(NULL,&p,(long)i);
186		186
187	if (sig == NULL) goto err;	187	if (sig == NULL) goto err;
		188
		189	/* Excess data can be used to create forgeries */
		190	if(p != s+i)
		191	{
		192	RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
		193	goto err;
		194	}
		195
		196	/* Parameters to the signature algorithm can also be used to
		197	create forgeries */
		198	if(sig->algor->parameter
		199	&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
		200	{
		201	RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
		202	goto err;
		203	}
		204
188	sigtype=OBJ_obj2nid(sig->algor->algorithm);	205	sigtype=OBJ_obj2nid(sig->algor->algorithm);
189		206
190		207


diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c index cee09eccb1..db86f1ac58 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
185	sig=d2i_X509_SIG(NULL,&p,(long)i);	185	sig=d2i_X509_SIG(NULL,&p,(long)i);
186		186
187	if (sig == NULL) goto err;	187	if (sig == NULL) goto err;
		188
		189	/* Excess data can be used to create forgeries */
		190	if(p != s+i)
		191	{
		192	RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
		193	goto err;
		194	}
		195
		196	/* Parameters to the signature algorithm can also be used to
		197	create forgeries */
		198	if(sig->algor->parameter
		199	&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
		200	{
		201	RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
		202	goto err;
		203	}
		204
188	sigtype=OBJ_obj2nid(sig->algor->algorithm);	205	sigtype=OBJ_obj2nid(sig->algor->algorithm);
189		206
190		207