summaryrefslogtreecommitdiff
path: root/main/openssl/crypto/ecdsa/ecs_vrf.c
diff options
context:
space:
mode:
Diffstat (limited to 'main/openssl/crypto/ecdsa/ecs_vrf.c')
-rw-r--r--main/openssl/crypto/ecdsa/ecs_vrf.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/main/openssl/crypto/ecdsa/ecs_vrf.c b/main/openssl/crypto/ecdsa/ecs_vrf.c
index ef9acf7b..188b9d57 100644
--- a/main/openssl/crypto/ecdsa/ecs_vrf.c
+++ b/main/openssl/crypto/ecdsa/ecs_vrf.c
@@ -57,6 +57,7 @@
*/
#include "ecs_locl.h"
+#include <string.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = ECDSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
ECDSA_SIG_free(s);
return(ret);
}