Update OpenSSL to AOSP -master

author: Arne Schwabe <arne@rfc2549.org> 2015-02-12 22:22:25 +0100
committer: Arne Schwabe <arne@rfc2549.org> 2015-02-12 22:22:25 +0100
commit: 9f0928c6593f937a17b7974b04051c57e3874b20 (patch)
tree: 1aaffa07a5c177fef2c1386f1850a688045bec2e /main/openssl/crypto/ecdsa/ecs_vrf.c
parent: 68d26e1b1b5b411adce714c88532fc8889289f34 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/main/openssl/crypto/ecdsa/ecs_vrf.c b/main/openssl/crypto/ecdsa/ecs_vrf.c
index ef9acf7b..188b9d57 100644
--- a/main/openssl/crypto/ecdsa/ecs_vrf.c
+++ b/main/openssl/crypto/ecdsa/ecs_vrf.c
@@ -57,6 +57,7 @@
  */
 
 #include "ecs_locl.h"
+#include <string.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
 		const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
  	{
 	ECDSA_SIG *s;
+	const unsigned char *p = sigbuf;
+	unsigned char *der = NULL;
+	int derlen = -1;
 	int ret=-1;
 
 	s = ECDSA_SIG_new();
 	if (s == NULL) return(ret);
-	if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+	if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+	/* Ensure signature uses DER and doesn't have trailing garbage */
+	derlen = i2d_ECDSA_SIG(s, &der);
+	if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+		goto err;
 	ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
+	if (derlen > 0)
+		{
+		OPENSSL_cleanse(der, derlen);
+		OPENSSL_free(der);
+		}
 	ECDSA_SIG_free(s);
 	return(ret);
 	}
author	Arne Schwabe <arne@rfc2549.org>	2015-02-12 22:22:25 +0100
committer	Arne Schwabe <arne@rfc2549.org>	2015-02-12 22:22:25 +0100
commit	9f0928c6593f937a17b7974b04051c57e3874b20 (patch)
tree	1aaffa07a5c177fef2c1386f1850a688045bec2e /main/openssl/crypto/ecdsa/ecs_vrf.c
parent	68d26e1b1b5b411adce714c88532fc8889289f34 (diff)