diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-12-08 12:16:02 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-12-09 23:05:44 +0000 |
| commit | 71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0 (patch) | |
| tree | 437700dba7de18beb3f599e03f4059dfc1acc010 | |
| parent | 6c0e1e20d2756eaefe735e5edb56b83ccd9db9e6 (diff) | |
| download | openssl-71bbc79b7d3b1195a7a7dd5f547d52ddce32d6f0.tar.gz | |
Check input length to pkey_rsa_verify()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
| -rw-r--r-- | crypto/rsa/rsa_err.c | 1 | ||||
| -rw-r--r-- | crypto/rsa/rsa_pmeth.c | 4 | ||||
| -rw-r--r-- | include/openssl/rsa.h | 1 |
3 files changed, 6 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 45e12e0dd3..bf54095b70 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -26,6 +26,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"}, {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"}, + {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"}, {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"}, {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"}, {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"}, diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index e503ada873..db4fb0fbf7 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -229,6 +229,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); + if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); + return -1; + } if (rctx->pad_mode == RSA_X931_PADDING) { if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) return 0; diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 4d6e9cc9a9..d97d6e075a 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -468,6 +468,7 @@ int ERR_load_RSA_strings(void); # define RSA_F_PKEY_RSA_CTRL 143 # define RSA_F_PKEY_RSA_CTRL_STR 144 # define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 149 # define RSA_F_PKEY_RSA_VERIFYRECOVER 141 # define RSA_F_RSA_ALGOR_TO_MD 156 # define RSA_F_RSA_BUILTIN_KEYGEN 129 |