diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2019-10-31 13:02:50 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2019-10-31 13:02:50 +0000 |
commit | cc2da8d4a196cdacd136b85ca587d789b7187613 (patch) | |
tree | b6532f0352f220159cf6deacda085f91a72ce607 /lib/libcrypto/rsa/rsa_pmeth.c | |
parent | a4bfe88220d791c27208dad23a69615dfd116b31 (diff) |
Add additional validation of key size, message digest size and public
exponent.
From OpenSSL 1.1.1d.
ok inoguchi@
Diffstat (limited to 'lib/libcrypto/rsa/rsa_pmeth.c')
-rw-r--r-- | lib/libcrypto/rsa/rsa_pmeth.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c index 4132d066399..91e64fe500d 100644 --- a/lib/libcrypto/rsa/rsa_pmeth.c +++ b/lib/libcrypto/rsa/rsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pmeth.c,v 1.26 2019/10/31 12:46:02 jsing Exp $ */ +/* $OpenBSD: rsa_pmeth.c,v 1.27 2019/10/31 13:02:49 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -186,8 +186,14 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, } if (rctx->pad_mode == RSA_X931_PADDING) { - if (!setup_tbuf(rctx, ctx)) + if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) { + RSAerror(RSA_R_KEY_SIZE_TOO_SMALL); + return -1; + } + if (!setup_tbuf(rctx, ctx)) { + RSAerror(ERR_R_MALLOC_FAILURE); return -1; + } memcpy(rctx->tbuf, tbs, tbslen); rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); @@ -278,6 +284,10 @@ pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); + if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + RSAerror(RSA_R_INVALID_DIGEST_LENGTH); + return -1; + } if (rctx->pad_mode == RSA_X931_PADDING) { if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) @@ -447,8 +457,12 @@ bad_pad: return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: - if (!p2) + if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || + BN_is_one((BIGNUM *)p2)) { + RSAerror(RSA_R_BAD_E_VALUE); return -2; + } + BN_free(rctx->pub_exp); rctx->pub_exp = p2; return 1; |