Am Wed, 16 Sep 2015 08:55:51 +0200 schrieb Michael Heide
<michael.he...@student.uni-siegen.de>:
> My question now is: how to (proper) handle it?
Maybe a more sensible way to handle those signatures with OpenSSL is to still
not allow such things but instead return an error indicating success if it
/would/ be allowed to do it this way? The application then can check for this
specific error and translate it into success. (meaning: this specific error is
set if OpenSSL successfully compared both hashes and is - as such - not really
a fatal error.)
This way OpenSSLs default behaviour won't change, it's still an error to not
encapsulate the encryptedDigest in an asn1 structure. But the application
programmer is able to handle it.
see attachment.
(Maybe a callback-function at the place where the error gets generated would be
a better option. But I think that would be a more extensive change in OpenSSL.)
Regards
Michael
Index: openssl-1.0.1e/crypto/rsa/rsa.h
===================================================================
--- openssl-1.0.1e.orig/crypto/rsa/rsa.h 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/rsa/rsa.h 2015-09-19 12:51:16.237273005 +0200
@@ -575,6 +575,7 @@
#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
#define RSA_R_VALUE_MISSING 147
#define RSA_R_WRONG_SIGNATURE_LENGTH 119
+#define RSA_R_PLAIN_VALID_DIGEST_ONLY 159
#ifdef __cplusplus
}
Index: openssl-1.0.1e/crypto/rsa/rsa_err.c
===================================================================
--- openssl-1.0.1e.orig/crypto/rsa/rsa_err.c 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/rsa/rsa_err.c 2015-09-19 12:51:42.916518284 +0200
@@ -191,6 +191,7 @@
{ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),"unsupported signature type"},
{ERR_REASON(RSA_R_VALUE_MISSING) ,"value missing"},
{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
+{ERR_REASON(RSA_R_PLAIN_VALID_DIGEST_ONLY),"message digest valid but not encapsulated in asn1 structure"},
{0,NULL}
};
Index: openssl-1.0.1e/crypto/rsa/rsa_sign.c
===================================================================
--- openssl-1.0.1e.orig/crypto/rsa/rsa_sign.c 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/rsa/rsa_sign.c 2015-09-19 12:52:00.464020962 +0200
@@ -221,6 +221,9 @@
if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
else ret = 1;
+ } else if ((i==m_len) && !memcmp(s, m, i))
+ {
+ RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_PLAIN_VALID_DIGEST_ONLY);
} else {
const unsigned char *p=s;
sig=d2i_X509_SIG(NULL,&p,(long)i);
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
