[Pkg-openssl-changes] r155 - in openssl/trunk: crypto crypto/rsa
debian
Kurt Roeckx
kroeckx at costa.debian.org
Tue Sep 5 18:36:39 UTC 2006
Author: kroeckx
Date: 2006-09-05 18:36:39 +0000 (Tue, 05 Sep 2006)
New Revision: 155
Added:
openssl/trunk/crypto/rsa/
Modified:
openssl/trunk/crypto/rsa/rsa.h
openssl/trunk/crypto/rsa/rsa_eay.c
openssl/trunk/crypto/rsa/rsa_err.c
openssl/trunk/crypto/rsa/rsa_sign.c
openssl/trunk/debian/changelog
Log:
Fix RSA Signature Forgery (CVE-2006-4339) using patch provided by upstream.
Copied: openssl/trunk/crypto/rsa (from rev 154, openssl/branches/upstream/current/crypto/rsa)
Modified: openssl/trunk/crypto/rsa/rsa.h
===================================================================
--- openssl/branches/upstream/current/crypto/rsa/rsa.h 2006-09-05 18:32:11 UTC (rev 154)
+++ openssl/trunk/crypto/rsa/rsa.h 2006-09-05 18:36:39 UTC (rev 155)
@@ -412,6 +412,7 @@
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_PKCS1_PADDING_TOO_SHORT 105
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
Modified: openssl/trunk/crypto/rsa/rsa_eay.c
===================================================================
--- openssl/branches/upstream/current/crypto/rsa/rsa_eay.c 2006-09-05 18:32:11 UTC (rev 154)
+++ openssl/trunk/crypto/rsa/rsa_eay.c 2006-09-05 18:36:39 UTC (rev 155)
@@ -617,6 +617,15 @@
{
case RSA_PKCS1_PADDING:
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
+ /* Generally signatures should be at least 2/3 padding, though
+ this isn't possible for really short keys and some standard
+ signature schemes, so don't check if the unpadded data is
+ small. */
+ if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT);
+ goto err;
+ }
break;
case RSA_X931_PADDING:
r=RSA_padding_check_X931(to,num,buf,i,num);
Modified: openssl/trunk/crypto/rsa/rsa_err.c
===================================================================
--- openssl/branches/upstream/current/crypto/rsa/rsa_err.c 2006-09-05 18:32:11 UTC (rev 154)
+++ openssl/trunk/crypto/rsa/rsa_err.c 2006-09-05 18:36:39 UTC (rev 155)
@@ -142,6 +142,7 @@
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
+{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
Modified: openssl/trunk/crypto/rsa/rsa_sign.c
===================================================================
--- openssl/branches/upstream/current/crypto/rsa/rsa_sign.c 2006-09-05 18:32:11 UTC (rev 154)
+++ openssl/trunk/crypto/rsa/rsa_sign.c 2006-09-05 18:36:39 UTC (rev 155)
@@ -185,6 +185,23 @@
sig=d2i_X509_SIG(NULL,&p,(long)i);
if (sig == NULL) goto err;
+
+ /* Excess data can be used to create forgeries */
+ if(p != s+i)
+ {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
+ /* Parameters to the signature algorithm can also be used to
+ create forgeries */
+ if(sig->algor->parameter
+ && sig->algor->parameter->type != V_ASN1_NULL)
+ {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
sigtype=OBJ_obj2nid(sig->algor->algorithm);
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2006-09-05 18:32:11 UTC (rev 154)
+++ openssl/trunk/debian/changelog 2006-09-05 18:36:39 UTC (rev 155)
@@ -1,3 +1,10 @@
+openssl (0.9.8b-3) unstable; urgency=high
+
+ * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
+ by upstream.
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 18:26:10 +0000
+
openssl (0.9.8b-2) unstable; urgency=low
* Don't call gcc with -mcpu on i386, we already use -march, so no need for
More information about the Pkg-openssl-changes
mailing list