diff options
| author | jsing <> | 2019-10-31 13:02:49 +0000 |
|---|---|---|
| committer | jsing <> | 2019-10-31 13:02:49 +0000 |
| commit | db92e7a9cf698677c610625e82550a21ae364ce5 (patch) | |
| tree | 82cb12036a5748d40a7ba4d73e02f4bd92bf99f1 /src/lib | |
| parent | 5a3238c38c436953bad0d4dda753104702067c5f (diff) | |
| download | openbsd-db92e7a9cf698677c610625e82550a21ae364ce5.tar.gz openbsd-db92e7a9cf698677c610625e82550a21ae364ce5.tar.bz2 openbsd-db92e7a9cf698677c610625e82550a21ae364ce5.zip | |
Add additional validation of key size, message digest size and public
exponent.
From OpenSSL 1.1.1d.
ok inoguchi@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_pmeth.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c index 4132d06639..91e64fe500 100644 --- a/src/lib/libcrypto/rsa/rsa_pmeth.c +++ b/src/lib/libcrypto/rsa/rsa_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_pmeth.c,v 1.26 2019/10/31 12:46:02 jsing Exp $ */ | 1 | /* $OpenBSD: rsa_pmeth.c,v 1.27 2019/10/31 13:02:49 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -186,8 +186,14 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, | |||
| 186 | } | 186 | } |
| 187 | 187 | ||
| 188 | if (rctx->pad_mode == RSA_X931_PADDING) { | 188 | if (rctx->pad_mode == RSA_X931_PADDING) { |
| 189 | if (!setup_tbuf(rctx, ctx)) | 189 | if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) { |
| 190 | RSAerror(RSA_R_KEY_SIZE_TOO_SMALL); | ||
| 191 | return -1; | ||
| 192 | } | ||
| 193 | if (!setup_tbuf(rctx, ctx)) { | ||
| 194 | RSAerror(ERR_R_MALLOC_FAILURE); | ||
| 190 | return -1; | 195 | return -1; |
| 196 | } | ||
| 191 | memcpy(rctx->tbuf, tbs, tbslen); | 197 | memcpy(rctx->tbuf, tbs, tbslen); |
| 192 | rctx->tbuf[tbslen] = | 198 | rctx->tbuf[tbslen] = |
| 193 | RSA_X931_hash_id(EVP_MD_type(rctx->md)); | 199 | RSA_X931_hash_id(EVP_MD_type(rctx->md)); |
| @@ -278,6 +284,10 @@ pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, | |||
| 278 | if (rctx->pad_mode == RSA_PKCS1_PADDING) | 284 | if (rctx->pad_mode == RSA_PKCS1_PADDING) |
| 279 | return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, | 285 | return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, |
| 280 | sig, siglen, rsa); | 286 | sig, siglen, rsa); |
| 287 | if (tbslen != (size_t)EVP_MD_size(rctx->md)) { | ||
| 288 | RSAerror(RSA_R_INVALID_DIGEST_LENGTH); | ||
| 289 | return -1; | ||
| 290 | } | ||
| 281 | if (rctx->pad_mode == RSA_X931_PADDING) { | 291 | if (rctx->pad_mode == RSA_X931_PADDING) { |
| 282 | if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, | 292 | if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, |
| 283 | siglen) <= 0) | 293 | siglen) <= 0) |
| @@ -447,8 +457,12 @@ bad_pad: | |||
| 447 | return 1; | 457 | return 1; |
| 448 | 458 | ||
| 449 | case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: | 459 | case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: |
| 450 | if (!p2) | 460 | if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || |
| 461 | BN_is_one((BIGNUM *)p2)) { | ||
| 462 | RSAerror(RSA_R_BAD_E_VALUE); | ||
| 451 | return -2; | 463 | return -2; |
| 464 | } | ||
| 465 | BN_free(rctx->pub_exp); | ||
| 452 | rctx->pub_exp = p2; | 466 | rctx->pub_exp = p2; |
| 453 | return 1; | 467 | return 1; |
| 454 | 468 | ||