| author | djm <> | 2006-09-09 00:11:03 +0000 |
|---|---|---|
| committer | djm <> | 2006-09-09 00:11:03 +0000 |
| commit | fa64073760b61d01b343d6fa820c1e1beb8a76eb (patch) | |
| tree | 55e3d41e7a6b6e58774278969fe4be45b668e31c /src/lib/libcrypto/rsa/rsa_sign.c | |
| parent | 4e39a5cd7fc51a2d60767923722b03e707cd2a62 (diff) | |
| download | openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.tar.gz openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.tar.bz2 openbsd-fa64073760b61d01b343d6fa820c1e1beb8a76eb.zip | |
fix RSA signature padding vulnerability in OpenSSL libcrypto CVE-2006-4339;
ok beck@ miod@
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_sign.c')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_sign.c | 17 |
1 files changed, 17 insertions, 0 deletions
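--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 sig=d2i_X509_SIG(NULL,&p,(long)i);
 
 if (sig == NULL) goto err;
+
+/* Excess data can be used to create forgeries */
+if(p != s+i)
+{
+RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+goto err;
+}
+
+/* Parameters to the signature algorithm can also be used to
+create forgeries */
+if(sig->algor->parameter
+&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
+{
+RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+goto err;
+}
+
 sigtype=OBJ_obj2nid(sig->algor->algorithm);
 
 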
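Review bot: The comment above the trailing-data check should say what the condition actually tests, since `p != s+i` is only meaningful once the reader knows that d2i_X509_SIG advances p past the DER it consumed; suggested wording: `/* d2i_X509_SIG advances p past the parsed DigestInfo; any bytes left before s+i are excess data that can be used to create forgeries */`. The second check accepts both an absent AlgorithmIdentifier parameter and an explicit ASN.1 NULL while rejecting anything else, which is worth stating in its comment because a reader may assume only the explicit NULL form is allowed: `/* parameters must be absent or an explicit ASN.1 NULL; anything else can be used to create forgeries */`. Both rejection branches repeat the same RSAerr/goto pair, which is consistent with the surrounding style and fine to leave as is. RSA_verify begins and ends outside this hunk, so the origin of s and i and the cleanup performed at err cannot be confirmed from the visible lines.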
