From 36ad7f26648c87c63edaa9659d100b44b14f0ae1 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 28 Jan 2015 04:14:31 +0000
Subject: Fix a number of issues relating to algorithms in signatures, Mostly
 from OpenSSL with a hint of boring and some things done here. Addresses
 CVE-2014-8275 for OpenSSL fully ok miod@ doug@

---
 src/lib/libcrypto/ecdsa/ecs_vrf.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/ecdsa/ecs_vrf.c')

diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c
index 40a677c46a..b1e66af80a 100644
--- a/src/lib/libcrypto/ecdsa/ecs_vrf.c
+++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_vrf.c,v 1.3 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: ecs_vrf.c,v 1.4 2015/01/28 04:14:31 beck Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -56,6 +56,7 @@
  *
  */
 
+#include <string.h>
 #include <openssl/opensslconf.h>
 
 #include "ecs_locl.h"
@@ -86,13 +87,24 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
 		const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
  	{
 	ECDSA_SIG *s;
+	unsigned char *der = NULL;
+	const unsigned char *p = sigbuf;
+	int derlen = -1;
 	int ret=-1;
 
 	s = ECDSA_SIG_new();
 	if (s == NULL) return(ret);
-	if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+	if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+	/* Ensure signature uses DER and doesn't have trailing garbage */
+	derlen = i2d_ECDSA_SIG(s, &der);
+	if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+		goto err;
 	ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
+	if (derlen > 0) {
+		explicit_bzero(der, derlen);
+		free(der);
+	}
 	ECDSA_SIG_free(s);
 	return(ret);
 	}
-- 
cgit v1.2.3-55-g6feb