Revision - ec1f125 - Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify

Revision ec1f1255127c3987494978c9bf1c8f7ac9b093e4 authored by Matt Caswell on 08 October 2015, 12:36:10 UTC, committed by Matt Caswell on 08 October 2015, 13:17:08 UTC

Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify

The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).

Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.

This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.

RT#4076

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit dffe51091f412dcbc18f6641132f0b4f0def6bce)

1 parent 363c8fd

Files
Changes

Permalinks

ACKNOWLEDGMENTS

The OpenSSL project depends on volunteer efforts and financial support from
the end user community. That support comes in the form of donations and paid
sponsorships, software support contracts, paid consulting services
and commissioned software development.

Since all these activities support the continued development and improvement
of OpenSSL we consider all these clients and customers as sponsors of the
OpenSSL project.

We would like to identify and thank the following such sponsors for their past
or current significant support of the OpenSSL project:

Major support:

	Qualys		http://www.qualys.com/

Very significant support:

	OpenGear:	http://www.opengear.com/

Significant support:

	PSW Group:	http://www.psw.net/
	Acano Ltd.	http://acano.com/

Please note that we ask permission to identify sponsors and that some sponsors
we consider eligible for inclusion here have requested to remain anonymous.

Additional sponsorship or financial support is always welcome: for more
information please contact the OpenSSL Software Foundation.

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...