projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix various certificate fingerprint issues.
[openssl.git] / crypto / asn1 / a_verify.c
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index aacf4763b585c267dc5762f0c57742f3dba06eec..fdeeef6761e65fdd2b3c28deea66a52f4233354d 100644 (file)
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
                goto err;
                }
+
+       if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+               goto err;
+               }
        
        inl=i2d(data,NULL);
        buf_in=OPENSSL_malloc((unsigned int)inl);
@@ -150,6 +156,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                return -1;
                }
 
+       if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+               return -1;
+               }
+
        EVP_MD_CTX_init(&ctx);
 
        /* Convert signature OID into digest and public key OIDs */
Unnamed repository; edit this file 'description' to name the repository.