Merge OpenSSL 1.0.1k.

author: jkim <jkim@FreeBSD.org> 2015-01-08 23:42:41 +0000
committer: jkim <jkim@FreeBSD.org> 2015-01-08 23:42:41 +0000
commit: 4f9b1cef1a6825f03178937e0feb39a2b2d046c8 (patch)
tree: 6c2f3cb14d70e0247fe500835bed3d3588c3025e /crypto/openssl/crypto/dsa/dsa_asn1.c
parent: cfd5b20c8bb6e3677ef84152d28058c0ead0de39 (diff)
parent: a350427e88bc6ff288594c964ca0f57464062eb0 (diff)
download: FreeBSD-src-4f9b1cef1a6825f03178937e0feb39a2b2d046c8.zip
FreeBSD-src-4f9b1cef1a6825f03178937e0feb39a2b2d046c8.tar.gz
1 files changed, 13 insertions, 1 deletions
diff --git a/crypto/openssl/crypto/dsa/dsa_asn1.c b/crypto/openssl/crypto/dsa/dsa_asn1.c
index 6058534..473af87 100644
--- a/crypto/openssl/crypto/dsa/dsa_asn1.c
+++ b/crypto/openssl/crypto/dsa/dsa_asn1.c
@@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
 	     const unsigned char *sigbuf, int siglen, DSA *dsa)
 	{
 	DSA_SIG *s;
+	const unsigned char *p = sigbuf;
+	unsigned char *der = NULL;
+	int derlen = -1;
 	int ret=-1;
 
 	s = DSA_SIG_new();
 	if (s == NULL) return(ret);
-	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+	if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+	/* Ensure signature uses DER and doesn't have trailing garbage */
+	derlen = i2d_DSA_SIG(s, &der);
+	if (derlen != siglen || memcmp(sigbuf, der, derlen))
+		goto err;
 	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
 err:
+	if (derlen > 0)
+		{
+		OPENSSL_cleanse(der, derlen);
+		OPENSSL_free(der);
+		}
 	DSA_SIG_free(s);
 	return(ret);
 	}
author	jkim <jkim@FreeBSD.org>	2015-01-08 23:42:41 +0000
committer	jkim <jkim@FreeBSD.org>	2015-01-08 23:42:41 +0000
commit	4f9b1cef1a6825f03178937e0feb39a2b2d046c8 (patch)
tree	6c2f3cb14d70e0247fe500835bed3d3588c3025e /crypto/openssl/crypto/dsa/dsa_asn1.c
parent	cfd5b20c8bb6e3677ef84152d28058c0ead0de39 (diff)
parent	a350427e88bc6ff288594c964ca0f57464062eb0 (diff)
download	FreeBSD-src-4f9b1cef1a6825f03178937e0feb39a2b2d046c8.zip FreeBSD-src-4f9b1cef1a6825f03178937e0feb39a2b2d046c8.tar.gz