mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-06 09:17:25 +00:00
Correct incorrect PKCS#1 v1.5 padding validation in crypto(3).
Obtained from: OpenSSL project Security: FreeBSD-SA-06:19.openssl
This commit is contained in:
parent
66387cee8f
commit
c800238ebb
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=162207
@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
|
||||
sig=d2i_X509_SIG(NULL,&p,(long)i);
|
||||
|
||||
if (sig == NULL) goto err;
|
||||
|
||||
/* Excess data can be used to create forgeries */
|
||||
if(p != s+i)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Parameters to the signature algorithm can also be used to
|
||||
create forgeries */
|
||||
if(sig->algor->parameter
|
||||
&& sig->algor->parameter->type != V_ASN1_NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
sigtype=OBJ_obj2nid(sig->algor->algorithm);
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user