[openssl-dev] [openssl.org #4076] PROBLEM: there exists a wrong return value of function int_rsa_verify()
Zhang Yan via RT
rt at openssl.org
Thu Oct 8 08:55:45 UTC 2015
Bug Description:
Function int_rsa_verify(), defined in file crypto/rsa/rsa_sign.c, returns 1 if a signature is valid and 0 otherwise. The variable 'ret' holds the return value, and it may be assigned 1 if the condition in line 216 is satisfied. The signature is regarded as invalid if the condition in line 241 evaluates to true; the error message is dumped (in line 242) and the verify process ends (in line 243). However, as variable 'ret' may still hold the value 1, this function will return 1 (in line 290) even if the signature is invalid, which leaves the caller unable to tell whether the signature is really valid.
The related code snippets in int_rsa_verify() are as follows.
168 int int_rsa_verify(int dtype, const unsigned char *m,
169 unsigned int m_len,
170 unsigned char *rm, size_t *prm_len,
171 const unsigned char *sigbuf, size_t siglen, RSA *rsa)
172 {
173 int i, ret = 0, sigtype;
...
216 if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
217 if (rm) {
218 memcpy(rm, s + 2, 16);
219 *prm_len = 16;
220 ret = 1;
221 } else if (memcmp(m, s + 2, 16))
222 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
223 else
224 ret = 1;
225 }
226
227 /* Special case: SSL signature */
228 if (dtype == NID_md5_sha1) {
229 if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
230 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
231 else
232 ret = 1;
233 } else { // dtype != NID_md5_sha1
234 const unsigned char *p = s;
235 sig = d2i_X509_SIG(NULL, &p, (long)i);
236
237 if (sig == NULL)
238 goto err;
239
240 /* Excess data can be used to create forgeries */
241 if (p != s + i || !rsa_check_digestinfo(sig, s, i)) {
242 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
243 goto err;
244 }
...
283 err:
284 if (sig != NULL)
285 X509_SIG_free(sig);
286 if (s != NULL) {
287 OPENSSL_cleanse(s, (unsigned int)siglen);
288 OPENSSL_free(s);
289 }
290 return (ret);
291 }
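The following is an added illustration of the control-flow defect described in the report, not OpenSSL's code and not a patch from the reporter. It models the shape of int_rsa_verify() with a toy "DigestInfo" encoding (0x30, one length byte, then a 16-byte digest) standing in for d2i_X509_SIG() and rsa_check_digestinfo(), and all names (toy_verify_buggy, toy_verify_fixed, toy_parse_digestinfo, toy_case_result, TOY_NID_MDC2) and sample inputs are constructed for the example. toy_verify_buggy keeps 'ret' sticky across the invalid-signature path exactly as the report describes; toy_verify_fixed only changes that path to clear 'ret' before jumping to err, so the return value always reflects the final decision. Whether the legacy MDC2 encoding should then be accepted at all is a separate question that the report does not settle, and this example makes no claim about how OpenSSL resolved it.

```c
#include <stdio.h>
#include <string.h>

#define TOY_NID_MDC2   1   /* stands in for NID_mdc2 (constructed value) */
#define TOY_NID_OTHER  2   /* any other digest type */
#define TOY_DIGEST_LEN 16

/* Toy stand-in for d2i_X509_SIG() + rsa_check_digestinfo(): 0x30, a length
 * byte equal to TOY_DIGEST_LEN, then the digest. On success returns 1, sets
 * *payload and advances *pp past the structure so the caller can detect
 * excess trailing data; otherwise returns 0. */
static int toy_parse_digestinfo(const unsigned char **pp, size_t n,
                                const unsigned char **payload)
{
    const unsigned char *p = *pp;
    if (n < 2 || p[0] != 0x30 || p[1] != TOY_DIGEST_LEN || n < 2 + TOY_DIGEST_LEN)
        return 0;
    *payload = p + 2;
    *pp = p + 2 + TOY_DIGEST_LEN;
    return 1;
}

/* Shape of the reported bug: the legacy fixed-format branch sets ret = 1,
 * and the later "bad signature" paths jump to err without clearing it. */
int toy_verify_buggy(int dtype, const unsigned char *m,
                     const unsigned char *s, size_t i)
{
    int ret = 0;
    const unsigned char *p, *payload;

    if (dtype == TOY_NID_MDC2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
        if (memcmp(m, s + 2, TOY_DIGEST_LEN) == 0)
            ret = 1;                     /* ret is now "sticky" */
    }
    p = s;
    if (!toy_parse_digestinfo(&p, i, &payload))
        goto err;                        /* BUG: ret may still be 1 */
    if (p != s + i || memcmp(m, payload, TOY_DIGEST_LEN) != 0)
        goto err;                        /* BUG: RSAerr() would fire, ret still 1 */
    ret = 1;
err:
    return ret;
}

/* Corrected shape: every path that declares the signature invalid resets
 * ret before jumping to err, so the caller sees 0 for a rejected signature. */
int toy_verify_fixed(int dtype, const unsigned char *m,
                     const unsigned char *s, size_t i)
{
    int ret = 0;
    const unsigned char *p, *payload;

    if (dtype == TOY_NID_MDC2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
        if (memcmp(m, s + 2, TOY_DIGEST_LEN) == 0)
            ret = 1;
    }
    p = s;
    if (!toy_parse_digestinfo(&p, i, &payload)) {
        ret = 0;                         /* FIX: invalid means 0, whatever came before */
        goto err;
    }
    if (p != s + i || memcmp(m, payload, TOY_DIGEST_LEN) != 0) {
        ret = 0;                         /* FIX: same on the excess-data / mismatch path */
        goto err;
    }
    ret = 1;
err:
    return ret;
}

/* Constructed sample cases. Returns the verify result of the buggy (use_fixed == 0)
 * or fixed (use_fixed != 0) variant for the given case, or -1 for an unknown case. */
enum { CASE_LEGACY_MDC2, CASE_WELLFORMED, CASE_EXCESS_DATA, CASE_WRONG_DIGEST };

int toy_case_result(int which, int use_fixed)
{
    const unsigned char *m = (const unsigned char *)"0123456789abcdef"; /* constructed digest */
    unsigned char buf[20];
    size_t len = 2 + TOY_DIGEST_LEN;
    int dtype = TOY_NID_OTHER;

    memcpy(buf + 2, m, TOY_DIGEST_LEN);
    switch (which) {
    case CASE_LEGACY_MDC2:  buf[0] = 0x04; buf[1] = 0x10; dtype = TOY_NID_MDC2; break;
    case CASE_WELLFORMED:   buf[0] = 0x30; buf[1] = 0x10; break;
    case CASE_EXCESS_DATA:  buf[0] = 0x30; buf[1] = 0x10; buf[18] = 0x00; len = 19; break;
    case CASE_WRONG_DIGEST: buf[0] = 0x30; buf[1] = 0x10; buf[2] ^= 0xff; break;
    default: return -1;
    }
    return use_fixed ? toy_verify_fixed(dtype, m, buf, len)
                     : toy_verify_buggy(dtype, m, buf, len);
}

int main(void)
{
    static const char *names[] = { "legacy MDC2", "well-formed", "excess data", "wrong digest" };
    for (int c = CASE_LEGACY_MDC2; c <= CASE_WRONG_DIGEST; c++)
        printf("%-12s buggy=%d fixed=%d\n", names[c],
               toy_case_result(c, 0), toy_case_result(c, 1));
    return 0;
}
```

Only the legacy MDC2 case differs between the two variants: the buggy shape reports 1 although the structured check rejected the input, while the fixed shape reports 0. The well-formed case passes in both, and the excess-data and mismatch cases fail in both, so the change affects only the path the report identifies.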