From: Aki Tuomi
Date: Tue, 14 Apr 2020 12:23:20 +0000 (+0300)
Subject: lib-dcrypt: Require ECDSA signature size is even
X-Git-Tag: 2.3.11.2~467
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b3ecbd3c14cabdb728e4d813c70e9fc6f29c37f;p=thirdparty%2Fdovecot%2Fcore.git
lib-dcrypt: Require ECDSA signature size is even
Valid ECDSA signature has two parts of equal sizes
---
diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c
index b65630ff80..981392da30 100644
--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -3314,6 +3314,12 @@ dcrypt_openssl_verify_ecdsa(struct dcrypt_public_key *key, const char *algorithm
 const unsigned char *signature, size_t signature_len,
 bool *valid_r, const char **error_r)
 {
+ if ((signature_len % 2) != 0) {
+ if (error_r != NULL)
+ *error_r = "Truncated signature";
+ return FALSE;
+ }
+
 EVP_PKEY *pkey = key->key;
 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
 int ec;
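Review bot: The new early return leaves `*valid_r` unwritten, so a caller that reads the flag without first checking the return value would see whatever it held before the call; adding `*valid_r = FALSE;` before `return FALSE;` makes the rejection fail closed (guard it for NULL if callers may pass that, as is done for `error_r`). The parity test is also only a necessary condition: a zero-length or otherwise even-but-wrong-size signature still passes it, so correctness depends on the rest of the function, which continues outside this hunk, checking each half against the size expected for the key's curve. An odd length is not necessarily a truncation, so a message such as "Invalid signature length" would describe the failure more accurately than "Truncated signature".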