mirror of https://github.com/wolfSSL/wolfssl
Merge pull request #1550 from dgarske/rsaverify
Check returned size matches signature size for RSA verify in openssl compatibility
commit
b5e0499022
18
src/ssl.c
18
src/ssl.c
|
@ -24115,25 +24115,25 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m,
|
||||||
unsigned int len;
|
unsigned int len;
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_RSA_verify");
|
WOLFSSL_ENTER("wolfSSL_RSA_verify");
|
||||||
if((m == NULL) || (sig == NULL)) {
|
if ((m == NULL) || (sig == NULL)) {
|
||||||
WOLFSSL_MSG("Bad function arguments");
|
WOLFSSL_MSG("Bad function arguments");
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if(sigRet == NULL){
|
if (sigRet == NULL) {
|
||||||
WOLFSSL_MSG("Memory failure");
|
WOLFSSL_MSG("Memory failure");
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if(sigDec == NULL){
|
if (sigDec == NULL) {
|
||||||
WOLFSSL_MSG("Memory failure");
|
WOLFSSL_MSG("Memory failure");
|
||||||
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
/* get non-encrypted signature to be compared with decrypted sugnature*/
|
/* get non-encrypted signature to be compared with decrypted sugnature*/
|
||||||
ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0);
|
ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0);
|
||||||
if(ret <= 0){
|
if (ret <= 0) {
|
||||||
WOLFSSL_MSG("Message Digest Error");
|
WOLFSSL_MSG("Message Digest Error");
|
||||||
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
@ -24141,8 +24141,9 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m,
|
||||||
}
|
}
|
||||||
show("Encoded Message", sigRet, len);
|
show("Encoded Message", sigRet, len);
|
||||||
/* decrypt signature */
|
/* decrypt signature */
|
||||||
ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal);
|
ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen,
|
||||||
if(ret <= 0){
|
(RsaKey*)rsa->internal);
|
||||||
|
if (ret <= 0) {
|
||||||
WOLFSSL_MSG("RSA Decrypt error");
|
WOLFSSL_MSG("RSA Decrypt error");
|
||||||
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
@ -24150,12 +24151,13 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m,
|
||||||
}
|
}
|
||||||
show("Decrypted Signature", sigDec, ret);
|
show("Decrypted Signature", sigDec, ret);
|
||||||
|
|
||||||
if(XMEMCMP(sigRet, sigDec, ret) == 0){
|
if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) {
|
||||||
WOLFSSL_MSG("wolfSSL_RSA_verify success");
|
WOLFSSL_MSG("wolfSSL_RSA_verify success");
|
||||||
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
} else {
|
}
|
||||||
|
else {
|
||||||
WOLFSSL_MSG("wolfSSL_RSA_verify failed");
|
WOLFSSL_MSG("wolfSSL_RSA_verify failed");
|
||||||
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
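Review bot: `sigRet` is still allocated with the caller-supplied `sigLen`, but the call `wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0)` is given no capacity for it (`len` is uninitialized when its address is passed), so a `sigLen` smaller than the encoded digest may let the callee write past the allocation. The callee is outside this diff, so confirm how it bounds that write. The new `(int)len == ret` test runs only after the call and cannot catch this. Sizing the buffer independently of the signature length would remove the dependency, e.g. `sigRet = (unsigned char *)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, provided that constant is the bound the sign routine uses. The body of wolfSSL_RSA_verify begins before and continues after these hunks, and `rsa` is dereferenced at `rsa->internal` without appearing in the NULL check visible here.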