[openssl-commits] [openssl] master update

Thu Oct 8 13:18:56 UTC 2015

The branch master has been updated
       via  dffe51091f412dcbc18f6641132f0b4f0def6bce (commit)
      from  5850cc75ea0c1581a9034390f1ca77cadc596238 (commit)


- Log -----------------------------------------------------------------
commit dffe51091f412dcbc18f6641132f0b4f0def6bce
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Oct 8 13:36:10 2015 +0100

    Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
    
    The function int_rsa_verify is an internal function used for verifying an
    RSA signature. It takes an argument |dtype| which indicates the digest type
    that was used. Dependant on that digest type the processing of the
    signature data will vary. In particular if |dtype == NID_mdc2| and the
    signature data is a bare OCTETSTRING then it is treated differently to the
    default case where the signature data is treated as a DigestInfo (X509_SIG).
    
    Due to a missing "else" keyword the logic actually correctly processes the
    OCTETSTRING format signature first, and then attempts to continue and
    process it as DigestInfo. This will invariably fail because we already know
    that it is a bare OCTETSTRING.
    
    This failure doesn't actualy make a real difference because it ends up at
    the |err| label regardless and still returns a "success" result. This patch
    just cleans things up to make it look a bit more sane.
    
    RT#4076
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_sign.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index ff70cd9..9f4649a 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -200,14 +200,13 @@ int int_rsa_verify(int dtype, const unsigned char *m,
             memcpy(rm, s + 2, 16);
             *prm_len = 16;
             ret = 1;
-        } else if (memcmp(m, s + 2, 16))
+        } else if (memcmp(m, s + 2, 16)) {
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-        else
+        } else {
             ret = 1;
-    }
-
-    /* Special case: SSL signature */
-    if (dtype == NID_md5_sha1) {
+        }
+    } else if (dtype == NID_md5_sha1) {
+        /* Special case: SSL signature */
         if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
         else
