aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/rsa/rsa_sign.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2014-10-19 11:34:57 +0200
committermarha <marha@users.sourceforge.net>2014-10-19 11:34:57 +0200
commit8cd093f61168a373d919c68e0ce4e04949fa4eb6 (patch)
treed1bc1dd33da84a22d6ab30aa9f7efb79b592ffda /openssl/crypto/rsa/rsa_sign.c
parent9fc852414dd4e841c4e2229f55a3e41abca64ac5 (diff)
parenta14858a22f164b5accc4bd192a5d3de21d88e3d1 (diff)
downloadvcxsrv-8cd093f61168a373d919c68e0ce4e04949fa4eb6.tar.gz
vcxsrv-8cd093f61168a373d919c68e0ce4e04949fa4eb6.tar.bz2
vcxsrv-8cd093f61168a373d919c68e0ce4e04949fa4eb6.zip
Merge remote-tracking branch 'origin/released'
Conflicts: openssl/Makefile openssl/crypto/opensslconf.h
Diffstat (limited to 'openssl/crypto/rsa/rsa_sign.c')
-rw-r--r--openssl/crypto/rsa/rsa_sign.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/openssl/crypto/rsa/rsa_sign.c b/openssl/crypto/rsa/rsa_sign.c
index b6f6037ae..225bcfe2d 100644
--- a/openssl/crypto/rsa/rsa_sign.c
+++ b/openssl/crypto/rsa/rsa_sign.c
@@ -151,6 +151,25 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
return(ret);
}
+/*
+ * Check DigestInfo structure does not contain extraneous data by reencoding
+ * using DER and checking encoding against original.
+ */
+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen)
+ {
+ unsigned char *der = NULL;
+ int derlen;
+ int ret = 0;
+ derlen = i2d_X509_SIG(sig, &der);
+ if (derlen <= 0)
+ return 0;
+ if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
+ ret = 1;
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ return ret;
+ }
+
int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len,
unsigned char *rm, size_t *prm_len,
@@ -228,7 +247,7 @@ int int_rsa_verify(int dtype, const unsigned char *m,
if (sig == NULL) goto err;
/* Excess data can be used to create forgeries */
- if(p != s+i)
+ if(p != s+i || !rsa_check_digestinfo(sig, s, i))
{
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-10 02:33:55 +0000