From fa64073760b61d01b343d6fa820c1e1beb8a76eb Mon Sep 17 00:00:00 2001 From: djm <> Date: Sat, 9 Sep 2006 00:11:03 +0000 Subject: fix RSA signature padding vulnerability in OpenSSL libcrypto CVE-2006-4339; ok beck@ miod@ --- src/lib/libcrypto/rsa/rsa_sign.c | 17 +++++++++++++++++ src/lib/libssl/src/crypto/rsa/rsa_sign.c | 17 +++++++++++++++++ 2 files changed, 34 insertions(+) (limited to 'src') diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index cee09eccb1..db86f1ac58 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c @@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, sig=d2i_X509_SIG(NULL,&p,(long)i); if (sig == NULL) goto err; + + /* Excess data can be used to create forgeries */ + if(p != s+i) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + + /* Parameters to the signature algorithm can also be used to + create forgeries */ + if(sig->algor->parameter + && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + sigtype=OBJ_obj2nid(sig->algor->algorithm); diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c index cee09eccb1..db86f1ac58 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c @@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, sig=d2i_X509_SIG(NULL,&p,(long)i); if (sig == NULL) goto err; + + /* Excess data can be used to create forgeries */ + if(p != s+i) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + + /* Parameters to the signature algorithm can also be used to + create forgeries */ + if(sig->algor->parameter + && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + sigtype=OBJ_obj2nid(sig->algor->algorithm); -- cgit v1.2.3-55-g6feb