summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYoung Xiao <92siuyang@gmail.com>2019-04-17 17:20:24 +0800
committerStefan Roese <sr@denx.de>2019-05-03 08:14:39 +0200
commit225151234552b0a6d8ac6e4bf77b0fd1ee5d0973 (patch)
tree16211b0c7d2b0f2be1ad3aa465ef724614dab05a
parentb4ee6daad7a2604ca9466b2ba48de86cc27d381f (diff)
downloadu-boot-225151234552b0a6d8ac6e4bf77b0fd1ee5d0973.tar.gz
kwbimage: fixing the issue with proper return code checking
EVP_VerifyFinal would return one of three values: 1 if the data is verified to be correct; 0 if it is incorrect; -1 if there is any failure in the verification process. The varification in unpatched version is wrong, since it ignored the return value of -1. The bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA ans ECDSA keys used with SSL/TLS. This issue is similar to CVE-2008-5077, CVE-2009-0021, CVE-2009-0025, CVE-2009-0046 ~ CVE-2009-0049. Signed-off-by: Young Xiao <92siuyang@gmail.com> Signed-off-by: Stefan Roese <sr@denx.de>
-rw-r--r--tools/kwbimage.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index dffaf9043a..b8f8d38212 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -701,7 +701,7 @@ int kwb_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
goto err_ctx;
}
- if (!EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key)) {
+ if (EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key) != 1) {
ret = openssl_err("Could not verify signature");
goto err_ctx;
}