diff options
author | Mark J. Cox <mark@openssl.org> | 2006-09-05 08:58:03 +0000 |
---|---|---|
committer | Mark J. Cox <mark@openssl.org> | 2006-09-05 08:58:03 +0000 |
commit | b79aa05e3babdbab92c6356f6e51f7bb43c41576 (patch) | |
tree | 1963310ff2983ec5cba1330c9a58b343f6e0b232 /crypto/rsa/rsa_sign.c | |
parent | 500b5a181df0e8e442e4cbf954213ff886b29df3 (diff) |
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Diffstat (limited to 'crypto/rsa/rsa_sign.c')
-rw-r--r-- | crypto/rsa/rsa_sign.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index e5a015d1a6..e1b1714210 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -193,6 +193,23 @@ int int_rsa_verify(int dtype, const unsigned char *m, sig=d2i_X509_SIG(NULL,&p,(long)i); if (sig == NULL) goto err; + + /* Excess data can be used to create forgeries */ + if(p != s+i) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + + /* Parameters to the signature algorithm can also be used to + create forgeries */ + if(sig->algor->parameter + && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + sigtype=OBJ_obj2nid(sig->algor->algorithm); |