rsa_verify_hash: fix possible bleichenbacher signature attack
Showing
with
8 additions
and
2 deletions.
-
+8
−2
src/pk/rsa/rsa_verify_hash.c
|
@@ -103,7 +103,7 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, |
|
|
} else { |
|
|
/* PKCS #1 v1.5 decode it */ |
|
|
unsigned char *out; |
|
|
unsigned long outlen, loid[16]; |
|
|
unsigned long outlen, loid[16], reallen; |
|
|
int decoded; |
|
|
ltc_asn1_list digestinfo[2], siginfo[2]; |
|
|
|
|
@@ -145,8 +145,14 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, |
|
|
goto bail_2; |
|
|
} |
|
|
|
|
|
if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) { |
|
|
XFREE(out); |
|
|
goto bail_2; |
|
|
} |
|
|
|
|
|
/* test OID */ |
|
|
if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) && |
|
|
if ((reallen == outlen) && |
|
|
(digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) && |
|
|
(XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) && |
|
|
(siginfo[1].size == hashlen) && |
|
|
(XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { |
|
|