[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Thu Oct 8 13:19:12 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via 985abd1fd8aa24ef1bbf6adcf1923d07b35fa246 (commit)
from b00424792f293b49e5e581aa36a9c826d1d2d508 (commit)
- Log -----------------------------------------------------------------
commit 985abd1fd8aa24ef1bbf6adcf1923d07b35fa246
Author: Matt Caswell <matt at openssl.org>
Date: Thu Oct 8 13:36:10 2015 +0100
Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).
Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.
This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.
RT#4076
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit dffe51091f412dcbc18f6641132f0b4f0def6bce)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_sign.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 19461c6..82ca832 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -218,14 +218,13 @@ int int_rsa_verify(int dtype, const unsigned char *m,
memcpy(rm, s + 2, 16);
*prm_len = 16;
ret = 1;
- } else if (memcmp(m, s + 2, 16))
+ } else if (memcmp(m, s + 2, 16)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- else
+ } else {
ret = 1;
- }
-
- /* Special case: SSL signature */
- if (dtype == NID_md5_sha1) {
+ }
+ } else if (dtype == NID_md5_sha1) {
+ /* Special case: SSL signature */
if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
else
More information about the openssl-commits
mailing list