Hi there,

In the file crypto/rsa/rsa_test.c, lines 308~326, there is a check to ensure no corrupted data can be decrypted by the RSA implementation. However, in the loop, when it has already detected an error in the current iteration, it will still continue the check in all remaining iterations, which is not necessary. Even if it is, the code doesn't do it correctly, since the variable 'num', which will be used to call RSA_private_decrypt() in the next iteration as a parameter indicating the length of the ciphertext, would have been set to a negative value in the current iteration as the return value of the call, which will consequently cause the function to always return failure.

The attached patch simply breaks the loop when an error is detected in any iteration, which is quite enough for our purpose.
#####################################################################
diff -ur openssl-orig/crypto/rsa/rsa_test.c
openssl-work/crypto/rsa/rsa_test.c
--- openssl-orig/crypto/rsa/rsa_test.c 2013-02-25 14:00:54.000000000 +0800
+++ openssl-work/crypto/rsa/rsa_test.c 2013-02-25 14:04:02.645611000 +0800
@@ -320,6 +320,7 @@
{
printf("Corrupt data decrypted!\n");
err = 1;
+ break;
}
}
}
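Review bot: the `break;` added after `err = 1;` only covers the path where corrupt data was accepted, so it does not address the `num` reuse that the description itself raises. If `num` is both the ciphertext length passed to RSA_private_decrypt() and the variable that receives its return value, it is overwritten on every iteration, including the ones where decryption is correctly rejected; from the second iteration on the call would then be given a negative length and fail for that reason alone, so the loop would not be testing corruption detection there. Consider storing the return value in a separate local so the original length is passed each time, and keep the early exit as an optional extra. Since only the first failure is now reported, the "Corrupt data decrypted!" message would also be more useful if it printed which iteration failed.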
#####################################################################
--
Regards,
Huang Le (Eric, Alibaba DevOps)
Email: 4tarhl AT gmail.com, le.hl AT alibaba-inc.com
