Check RSA_public_decrypt() length before constructing and comparing a chunk
authorMartin Willi <martin@revosec.ch>
Tue, 9 Apr 2013 09:38:51 +0000 (11:38 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 10 Apr 2013 16:10:30 +0000 (18:10 +0200)
If decryption fails, it returns -1. chunk_equals() should catch that error,
but be more explicit in error checking.

src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c

index bf71d79..48beede 100644 (file)
@@ -48,8 +48,6 @@ struct private_openssl_rsa_public_key_t {
        refcount_t ref;
 };
 
-
-
 /**
  * Verification of an EMPSA PKCS1 signature described in PKCS#1
  */
@@ -67,12 +65,17 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
 
        if (type == NID_undef)
        {
-               chunk_t hash = chunk_alloc(rsa_size);
+               char *buf;
+               int len;
 
-               hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr,
-                                                                         this->rsa, RSA_PKCS1_PADDING);
-               valid = chunk_equals(data, hash);
-               free(hash.ptr);
+               buf = malloc(rsa_size);
+               len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa,
+                                                                RSA_PKCS1_PADDING);
+               if (len != -1)
+               {
+                       valid = chunk_equals(data, chunk_create(buf, len));
+               }
+               free(buf);
        }
        else
        {