diff options
| author | Martin Willi <martin@revosec.ch> | 2013-04-09 11:38:51 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-04-10 18:10:30 +0200 |
| commit | b52771fbb2d25a947204d95fe29882cfc0312ef5 (patch) | |
| tree | 2b1586c3b564859407d04fd68a26183e56ac9431 /src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | |
| parent | 97d975b7bb7b5112238f07bc4bd49f34bf5b2fcc (diff) | |
| download | strongswan-b52771fbb2d25a947204d95fe29882cfc0312ef5.tar.bz2 strongswan-b52771fbb2d25a947204d95fe29882cfc0312ef5.tar.xz | |
Check RSA_public_decrypt() length before constructing and comparing a chunk
If decryption fails, it returns -1. chunk_equals() should catch that error,
but be more explicit in error checking.
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index bf71d7901..48beedef6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -48,8 +48,6 @@ struct private_openssl_rsa_public_key_t { refcount_t ref; }; - - /** * Verification of an EMPSA PKCS1 signature described in PKCS#1 */ @@ -67,12 +65,17 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this, if (type == NID_undef) { - chunk_t hash = chunk_alloc(rsa_size); + char *buf; + int len; - hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr, - this->rsa, RSA_PKCS1_PADDING); - valid = chunk_equals(data, hash); - free(hash.ptr); + buf = malloc(rsa_size); + len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa, + RSA_PKCS1_PADDING); + if (len != -1) + { + valid = chunk_equals(data, chunk_create(buf, len)); + } + free(buf); } else { |