diff options
author | Young Xiao <92siuyang@gmail.com> | 2019-04-17 17:20:24 +0800 |
---|---|---|
committer | Stefan Roese <sr@denx.de> | 2019-05-03 08:14:39 +0200 |
commit | 225151234552b0a6d8ac6e4bf77b0fd1ee5d0973 (patch) | |
tree | 16211b0c7d2b0f2be1ad3aa465ef724614dab05a /tools/kwbimage.c | |
parent | b4ee6daad7a2604ca9466b2ba48de86cc27d381f (diff) | |
download | u-boot-225151234552b0a6d8ac6e4bf77b0fd1ee5d0973.tar.gz |
kwbimage: fixing the issue with proper return code checking
EVP_VerifyFinal would return one of three values:
1 if the data is verified to be correct;
0 if it is incorrect;
-1 if there is any failure in the verification process.
The varification in unpatched version is wrong, since it ignored
the return value of -1.
The bug allows a malformed signature to be treated as a good
signature rather than as an error. This issue affects the
signature checks on DSA ans ECDSA keys used with SSL/TLS.
This issue is similar to CVE-2008-5077, CVE-2009-0021,
CVE-2009-0025, CVE-2009-0046 ~ CVE-2009-0049.
Signed-off-by: Young Xiao <92siuyang@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Diffstat (limited to 'tools/kwbimage.c')
-rw-r--r-- | tools/kwbimage.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/kwbimage.c b/tools/kwbimage.c index dffaf9043a..b8f8d38212 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -701,7 +701,7 @@ int kwb_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig, goto err_ctx; } - if (!EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key)) { + if (EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key) != 1) { ret = openssl_err("Could not verify signature"); goto err_ctx; } |