Permalink
Browse files

rsa_verify_hash: fix possible bleichenbacher signature attack

  • Loading branch information...
sjaeckel committed Aug 6, 2014
1 parent c6dfef9 commit 5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
Showing with 8 additions and 2 deletions.
  1. +8 −2 src/pk/rsa/rsa_verify_hash.c
@@ -103,7 +103,7 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
} else {
/* PKCS #1 v1.5 decode it */
unsigned char *out;
unsigned long outlen, loid[16];
unsigned long outlen, loid[16], reallen;
int decoded;
ltc_asn1_list digestinfo[2], siginfo[2];
@@ -145,8 +145,14 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
goto bail_2;
}
if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
XFREE(out);
goto bail_2;
}
/* test OID */
if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
if ((reallen == outlen) &&
(digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
(XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
(siginfo[1].size == hashlen) &&
(XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {

0 comments on commit 5eb9743

Please sign in to comment.