Merge pull request #1550 from dgarske/rsaverify

Check returned size matches signature size for RSA verify in openssl compatibility
toddouska 2018-05-16 08:00:31 -07:00 committed by GitHub
commit b5e0499022
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 8 deletions


@ -24115,25 +24115,25 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m,
unsigned int len; unsigned int len;
WOLFSSL_ENTER("wolfSSL_RSA_verify"); WOLFSSL_ENTER("wolfSSL_RSA_verify");
if((m == NULL) || (sig == NULL)) { if ((m == NULL) || (sig == NULL)) {
WOLFSSL_MSG("Bad function arguments"); WOLFSSL_MSG("Bad function arguments");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if(sigRet == NULL){ if (sigRet == NULL) {
WOLFSSL_MSG("Memory failure"); WOLFSSL_MSG("Memory failure");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if(sigDec == NULL){ if (sigDec == NULL) {
WOLFSSL_MSG("Memory failure"); WOLFSSL_MSG("Memory failure");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
/* get non-encrypted signature to be compared with decrypted sugnature*/ /* get non-encrypted signature to be compared with decrypted sugnature*/
ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0); ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0);
if(ret <= 0){ if (ret <= 0) {
WOLFSSL_MSG("Message Digest Error"); WOLFSSL_MSG("Message Digest Error");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -24141,8 +24141,9 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m,
} }
show("Encoded Message", sigRet, len); show("Encoded Message", sigRet, len);
/* decrypt signature */ /* decrypt signature */
ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal); ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen,
if(ret <= 0){ (RsaKey*)rsa->internal);
if (ret <= 0) {
WOLFSSL_MSG("RSA Decrypt error"); WOLFSSL_MSG("RSA Decrypt error");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -24150,12 +24151,13 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m,
} }
show("Decrypted Signature", sigDec, ret); show("Decrypted Signature", sigDec, ret);
if(XMEMCMP(sigRet, sigDec, ret) == 0){ if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) {
WOLFSSL_MSG("wolfSSL_RSA_verify success"); WOLFSSL_MSG("wolfSSL_RSA_verify success");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} else { }
else {
WOLFSSL_MSG("wolfSSL_RSA_verify failed"); WOLFSSL_MSG("wolfSSL_RSA_verify failed");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
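Review bot: The new `(int)len == ret` comparison runs only after `wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0)` has already written the encoded digest into `sigRet`, which is allocated with the caller-supplied `sigLen`, and that call is given no capacity for the buffer. Unless sign_ex bounds its own output (not visible in these hunks), a `sigLen` shorter than the encoded digest would let that write run past the allocation before the length check is ever reached. Consider sizing the scratch buffer independently of `sigLen`, for example `sigRet = (unsigned char *)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, or rejecting a too-small `sigLen` alongside the existing NULL checks. Separately, `rsa` is dereferenced as `rsa->internal` in the wc_RsaSSL_Verify call while the visible argument check covers only `m` and `sig`. The function body starts and ends outside the hunks shown.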