Revision - ec1f125 - Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify

Revision ec1f1255127c3987494978c9bf1c8f7ac9b093e4 authored by Matt Caswell on 08 October 2015, 12:36:10 UTC, committed by Matt Caswell on 08 October 2015, 13:17:08 UTC

Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify

The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).

Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.

This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.

RT#4076

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit dffe51091f412dcbc18f6641132f0b4f0def6bce)

1 parent 363c8fd

Files
Changes

Permalinks

INSTALL.DJGPP


 
 INSTALLATION ON THE DOS PLATFORM WITH DJGPP
 -------------------------------------------

 OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
 environment for 16-bit DOS, but only with long filename support.
 If you wish to compile on native DOS with 8+3 filenames, you will
 have to tweak the installation yourself, including renaming files
 with illegal or duplicate names.

 You should have a full DJGPP environment installed, including the
 latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
 requires that PERL and BC also be installed.

 All of these can be obtained from the usual DJGPP mirror sites or
 directly at "http://www.delorie.com/pub/djgpp". For help on which
 files to download, see the DJGPP "ZIP PICKER" page at
 "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
 the WATT-32 networking package installed before you try to compile
 OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
 The Makefile assumes that the WATT-32 code is in the directory
 specified by the environment variable WATT_ROOT. If you have watt-32
 in directory "watt32" under your main DJGPP directory, specify
 WATT_ROOT="/dev/env/DJDIR/watt32".

 To compile OpenSSL, start your BASH shell, then configure for DJGPP by
 running "./Configure" with appropriate arguments:

	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
 
 And finally fire up "make". You may run out of DPMI selectors when
 running in a DOS box under Windows. If so, just close the BASH
 shell, go back to Windows, and restart BASH. Then run "make" again.

 RUN-TIME CAVEAT LECTOR
 --------------

 Quoting FAQ:

  "Cryptographic software needs a source of unpredictable data to work
   correctly.  Many open source operating systems provide a "randomness
   device" (/dev/urandom or /dev/random) that serves this purpose."

 As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
 party "randomness" DOS driver. One such driver, NOISE.SYS, can be
 obtained from "http://www.rahul.net/dkaufman/index.html".

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...