Correct incorrect PKCS#1 v1.5 padding validation in crypto(3).

Obtained from: OpenSSL project Security: FreeBSD-SA-06:19.openssl
author: simon <simon@FreeBSD.org> 2006-09-10 20:16:43 +0000
committer: simon <simon@FreeBSD.org> 2006-09-10 20:16:43 +0000
commit: 22f3e61de2a6beb9e877fad976098e72f23d7fbc (patch)
tree: 6558541b18cbe9a3390f8f16afaf4fd1f6196993 /crypto/openssl/crypto
parent: 229d1a8d9bfa346b9e1124bf66835f0da3160a7a (diff)
download: FreeBSD-src-22f3e61de2a6beb9e877fad976098e72f23d7fbc.zip
FreeBSD-src-22f3e61de2a6beb9e877fad976098e72f23d7fbc.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c
index 230ec6d..aa757ac 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		sig=d2i_X509_SIG(NULL,&p,(long)i);
 
 		if (sig == NULL) goto err;
+
+		/* Excess data can be used to create forgeries */
+		if(p != s+i)
+			{
+			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+
+		/* Parameters to the signature algorithm can also be used to
+		   create forgeries */
+		if(sig->algor->parameter
+		   && sig->algor->parameter->type != V_ASN1_NULL)
+			{
+			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+
 		sigtype=OBJ_obj2nid(sig->algor->algorithm);
author	simon <simon@FreeBSD.org>	2006-09-10 20:16:43 +0000
committer	simon <simon@FreeBSD.org>	2006-09-10 20:16:43 +0000
commit	22f3e61de2a6beb9e877fad976098e72f23d7fbc (patch)
tree	6558541b18cbe9a3390f8f16afaf4fd1f6196993 /crypto/openssl/crypto
parent	229d1a8d9bfa346b9e1124bf66835f0da3160a7a (diff)
download	FreeBSD-src-22f3e61de2a6beb9e877fad976098e72f23d7fbc.zip FreeBSD-src-22f3e61de2a6beb9e877fad976098e72f23d7fbc.tar.gz