diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2006-09-09 00:11:04 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2006-09-09 00:11:04 +0000 |
| commit | 41f9a6aaae65b88dbb2d78d9ae0f206142b34aef (patch) | |
| tree | 851f297ae7feffa5318ef828a6059d5ca8b36874 /lib/libssl | |
| parent | 6d1faef9ccca5d12fdc0989a80526eae133dd637 (diff) | |
fix RSA signature padding vulnerability in OpenSSL libcrypto CVE-2006-4339;
ok beck@ miod@
Diffstat (limited to 'lib/libssl')
| -rw-r--r-- | lib/libssl/src/crypto/rsa/rsa_sign.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/libssl/src/crypto/rsa/rsa_sign.c b/lib/libssl/src/crypto/rsa/rsa_sign.c index cee09eccb1f..db86f1ac581 100644 --- a/lib/libssl/src/crypto/rsa/rsa_sign.c +++ b/lib/libssl/src/crypto/rsa/rsa_sign.c @@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, sig=d2i_X509_SIG(NULL,&p,(long)i); if (sig == NULL) goto err; + + /* Excess data can be used to create forgeries */ + if(p != s+i) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + + /* Parameters to the signature algorithm can also be used to + create forgeries */ + if(sig->algor->parameter + && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + sigtype=OBJ_obj2nid(sig->algor->algorithm); |