diff options
Diffstat (limited to 'openssl/crypto/ecdsa')
-rw-r--r-- | openssl/crypto/ecdsa/Makefile | 13 | ||||
-rw-r--r-- | openssl/crypto/ecdsa/ecs_vrf.c | 15 |
2 files changed, 21 insertions, 7 deletions
diff --git a/openssl/crypto/ecdsa/Makefile b/openssl/crypto/ecdsa/Makefile index e89e0c010..60c876df1 100644 --- a/openssl/crypto/ecdsa/Makefile +++ b/openssl/crypto/ecdsa/Makefile @@ -126,15 +126,16 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h +ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c diff --git a/openssl/crypto/ecdsa/ecs_vrf.c b/openssl/crypto/ecdsa/ecs_vrf.c index ef9acf7b6..2836efe5e 100644 --- a/openssl/crypto/ecdsa/ecs_vrf.c +++ b/openssl/crypto/ecdsa/ecs_vrf.c @@ -57,6 +57,7 @@ */ #include "ecs_locl.h" +#include "cryptlib.h" #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif @@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) { ECDSA_SIG *s; + const unsigned char *p = sigbuf; + unsigned char *der = NULL; + int derlen = -1; int ret=-1; s = ECDSA_SIG_new(); if (s == NULL) return(ret); - if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err; + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_ECDSA_SIG(s, &der); + if (derlen != sig_len || memcmp(sigbuf, der, derlen)) + goto err; ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); err: + if (derlen > 0) + { + OPENSSL_cleanse(der, derlen); + OPENSSL_free(der); + } ECDSA_SIG_free(s); return(ret); } |