aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/dsa/dsa_asn1.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2015-01-08 22:40:39 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2015-01-08 22:40:39 +0000
commitc6485458b37e3f0f5d1c69c0452e4551ac3b1824 (patch)
treec2b36ecba3cb850d324786e97809c541cb5c2d5a /crypto/dsa/dsa_asn1.c
parent58ab7656b2c140e06d60a7831a9f5b6e1ddc2fe5 (diff)
downloadsrc-c6485458b37e3f0f5d1c69c0452e4551ac3b1824.tar.gz
src-c6485458b37e3f0f5d1c69c0452e4551ac3b1824.zip
Import OpenSSL 1.0.1k.vendor/openssl/1.0.1k
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=276856 svn path=/vendor-crypto/openssl/1.0.1k/; revision=276858; tag=vendor/openssl/1.0.1k
Diffstat (limited to 'crypto/dsa/dsa_asn1.c')
-rw-r--r--crypto/dsa/dsa_asn1.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 60585343746d..473af873e02b 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int siglen, DSA *dsa)
{
DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = DSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
DSA_SIG_free(s);
return(ret);
}