From a9193c6380f0a545fd1c6e1c39f813cbef795a03 Mon Sep 17 00:00:00 2001
From: csoler
Date: Thu, 8 May 2014 09:20:25 +0000
Subject: [PATCH] added additional checks to signature verification

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7353 b45a01b8-16f6-495d-af2f-9b41ad6348cc
---
 libretroshare/src/gxs/gxssecurity.cc | 11 +++++++++++
 libretroshare/src/services/p3msgservice.cc | 8 +++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/libretroshare/src/gxs/gxssecurity.cc b/libretroshare/src/gxs/gxssecurity.cc
index 7858f4520..3a9b27c5c 100644
--- a/libretroshare/src/gxs/gxssecurity.cc
+++ b/libretroshare/src/gxs/gxssecurity.cc
@@ -54,6 +54,12 @@ RSA *GxsSecurity::extractPublicKey(const RsTlvSecurityKey& key)
 bool GxsSecurity::getSignature(const char *data, uint32_t data_len, const RsTlvSecurityKey& privKey, RsTlvKeySignature& sign)
 {
 RSA* rsa_pub = extractPrivateKey(privKey);
+
+ if(!rsa_pub)
+ {
+ std::cerr << "GxsSecurity::validateSignature(): Cannot validate signature. Keydata is incomplete." << std::endl;
+ return false ;
+ }
 EVP_PKEY *key_pub = EVP_PKEY_new();
 EVP_PKEY_assign_RSA(key_pub, rsa_pub);
@@ -80,6 +86,11 @@ bool GxsSecurity::validateSignature(const char *data, uint32_t data_len, const R
 {
 RSA *rsakey = RSAPublicKey_dup(extractPublicKey(key)) ;
+ if(!rsakey)
+ {
+ std::cerr << "GxsSecurity::validateSignature(): Cannot validate signature. Keydata is incomplete." << std::endl;
+ return false ;
+ }
 EVP_PKEY *signKey = EVP_PKEY_new();
 EVP_PKEY_assign_RSA(signKey, rsakey);
diff --git a/libretroshare/src/services/p3msgservice.cc b/libretroshare/src/services/p3msgservice.cc
index 460bdbc33..6c7a9af7a 100644
--- a/libretroshare/src/services/p3msgservice.cc
+++ b/libretroshare/src/services/p3msgservice.cc
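Review bot: The error text in the new null check of `GxsSecurity::getSignature` names `GxsSecurity::validateSignature()` and says "Cannot validate signature", so a failed private-key extraction while signing is logged as a verification failure. Anyone triaging logs then cannot tell a signing problem on the local side from a rejected incoming signature. I would change the line to `std::cerr << "GxsSecurity::getSignature(): Cannot create signature. Keydata is incomplete." << std::endl;`. The local `rsa_pub` holds the result of `extractPrivateKey`, so a name such as `rsa_priv` would be less misleading; the rest of the function is outside the hunk.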
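Review bot: In `GxsSecurity::validateSignature` the added `if(!rsakey)` only tests the result of `RSAPublicKey_dup`, because the pointer returned by `extractPublicKey(key)` is passed straight into the dup call and never held. A missing or malformed key and a failed duplication are therefore reported with the same message. If `extractPublicKey` returns a newly allocated `RSA` (its body is not in this hunk, so this is an assumption to confirm), that object is never released on any path. Holding the pointer first, `RSA *pub = extractPublicKey(key);`, checking `pub` before duplicating, and freeing it according to whoever owns it would close both gaps. The function body continues past the end of the hunk.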
@@ -1984,10 +1984,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
 RsTlvSecurityKey signature_key ;
- if(mIdService->getKey(senders_id,signature_key) && GxsSecurity::validateSignature((char*)decrypted_data,offset,signature_key,signature))
- signature_ok = true ;
+ if(!mIdService->getKey(senders_id,signature_key) || signature_key.keyData.bin_data == NULL)
+ std::cerr << "(EE) No key for checking signature from " << senders_id << ", can't veryfy signature." << std::endl;
+ else if(!GxsSecurity::validateSignature((char*)decrypted_data,offset,signature_key,signature))
+ std::cerr << "(EE) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
 else
- std::cerr << "(!!) No key for checking signature from " << senders_id << ", or signature doesn't check." << std::endl;
+ signature_ok = true ;
 offset += signature_size ;
 }
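Review bot: Both new failure branches in `p3MsgService::decryptMessage` end in a `std::cerr` line only, so the code after the hunk sees the same `signature_ok == false` whether the sender's key was unavailable or the signature actually failed verification. The second case is the one the log itself calls a security issue. How `signature_ok` is consumed lies outside the hunk, so it is worth confirming that a failed check gets the message rejected or visibly flagged rather than delivered like an unsigned one. A comment on the two error branches such as `// signature_ok stays false: the message must be treated as unauthenticated` would record that contract. The first message also misspells "verify" as "veryfy", and "Signature was verified and it doesn't check" would read more clearly as "Signature verification failed".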