
libtomcrypt-1.17-11.1.mga6.src.rpm

Description: rsa_verify_hash: fix possible Bleichenbacher signature attack.
Author: Steffen Jaeckel <s@jaeckel.eu>
Applied-Upstream: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
Last-Updated: 2016-09-13

---

Index: libtomcrypt/src/pk/rsa/rsa_verify_hash.c
===================================================================
--- libtomcrypt.orig/src/pk/rsa/rsa_verify_hash.c
+++ libtomcrypt/src/pk/rsa/rsa_verify_hash.c
@@ -96,7 +96,7 @@ int rsa_verify_hash_ex(const unsigned ch
   } else {
     /* LTC_PKCS #1 v1.5 decode it */
     unsigned char *out;
-    unsigned long outlen, loid[16];
+    unsigned long outlen, loid[16], reallen;
     int           decoded;
     ltc_asn1_list digestinfo[2], siginfo[2];
 
@@ -138,8 +138,14 @@ int rsa_verify_hash_ex(const unsigned ch
        goto bail_2;
     }
 
+    if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
+       XFREE(out);
+       goto bail_2;
+    }
+
     /* test OID */
-    if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
+    if ((reallen == outlen) &&
+        (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
         (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
         (siginfo[1].size == hashlen) &&
         (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
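Review bot: The new `reallen == outlen` comparison is the actual security fix in this hunk, yet the only comment heading the condition is still `/* test OID */`, so a reader cannot tell that it rejects unconsumed bytes after the DigestInfo; change it to `/* reject trailing garbage after the DigestInfo (Bleichenbacher e=3 forgery), then test OID/hash */`. Presumably `der_length_sequence` returns the length of re-encoding the decoded `siginfo` tree, in which case slack bytes at either nesting level leave `reallen < outlen` and the check is complete, but that is inferred from the name and should be confirmed against its definition before relying on it for the inner SEQUENCE. The condition still does not check that the AlgorithmIdentifier's parameters element is an ASN.1 NULL; whether the `LTC_SET_ASN1` setup above this hunk pins that type is not visible here and deserves a look, since the OID compare alone does not cover it. The `XFREE(out); goto bail_2;` pair is now repeated for each failure after the allocation and could be folded into a single label that frees `out`. rsa_verify_hash_ex begins and ends outside the hunk.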