diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2023-03-06 08:31:35 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-03-06 08:31:35 +0000 |
| commit | eb4dcf50142d519670e0c10a92959475877007b3 (patch) | |
| tree | d2672fccbd4257ef26de7c153f073c9c715533f4 /lib/libcrypto/rsa | |
| parent | 3acdf6c4b57867488e023e1aae7e452a717f8db6 (diff) | |
Fix incorrect RSA_public_decrypt() return check
RSA_public_decrypt() returns <= 0 on error. Assigning to a size_t and
checking for == 0 is not the right thing to do here. Neither is blindly
turning the check into <= 0...
Found by Niels Dossche
ok jsing
Diffstat (limited to 'lib/libcrypto/rsa')
| -rw-r--r-- | lib/libcrypto/rsa/rsa_pmeth.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c index 0b3774bf6e5..3747f1dd288 100644 --- a/lib/libcrypto/rsa/rsa_pmeth.c +++ b/lib/libcrypto/rsa/rsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pmeth.c,v 1.34 2022/11/26 16:08:54 tb Exp $ */ +/* $OpenBSD: rsa_pmeth.c,v 1.35 2023/03/06 08:31:34 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -326,12 +326,16 @@ pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, return -1; } } else { + int ret; + if (!setup_tbuf(rctx, ctx)) return -1; - rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, - rctx->pad_mode); - if (rslen == 0) + + if ((ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, + rctx->pad_mode)) <= 0) return 0; + + rslen = ret; } if (rslen != tbslen || timingsafe_bcmp(tbs, rctx->tbuf, rslen)) |