Fix a number of issues relating to algorithms in signatures, Mostly

from OpenSSL with a hint of boring and some things done here. Addresses
CVE-2014-8275 for OpenSSL fully
ok miod@ doug@

1 files changed, 14 insertions, 2 deletions

diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c
index 40a677c46a..b1e66af80a 100644
--- a/src/lib/libcrypto/ecdsa/ecs_vrf.c
+++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_vrf.c,v 1.3 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: ecs_vrf.c,v 1.4 2015/01/28 04:14:31 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -56,6 +56,7 @@
  *
  */
 
+#include <string.h>
 #include <openssl/opensslconf.h>
 
 #include "ecs_locl.h"
@@ -86,13 +87,24 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
                 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
         {
         ECDSA_SIG *s;
+        unsigned char *der = NULL;
+        const unsigned char *p = sigbuf;
+        int derlen = -1;
         int ret=-1;
 
         s = ECDSA_SIG_new();
         if (s == NULL) return(ret);
-        if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+        if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+        /* Ensure signature uses DER and doesn't have trailing garbage */
+        derlen = i2d_ECDSA_SIG(s, &der);
+        if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+                goto err;
         ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
+        if (derlen > 0) {
+                explicit_bzero(der, derlen);
+                free(der);
+        }
         ECDSA_SIG_free(s);
         return(ret);
         }