Source-Changes-HG archive


[src/netbsd-3-0]: src/crypto/dist/openssl/crypto/rsa Pull up following revisi...



details:   https://anonhg.NetBSD.org/src/rev/a653cccc1ad0
branches:  netbsd-3-0
changeset: 579296:a653cccc1ad0
user:      ghen <ghen%NetBSD.org@localhost>
date:      Fri Sep 08 09:30:19 2006 +0000

description:
Pull up following revision(s) (requested by 1504 in ticket #adrianp):
        crypto/dist/openssl/crypto/rsa/rsa_sign.c: revision 1.2
        crypto/dist/openssl/crypto/rsa/rsa_sign.c: revision 1.3
Apply patch-CVE-2006-4339.txt
Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.
Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.
Apply the third version of the patch from OpenSSL to address this issue.
- Small update to the patch for rsa_sign.c for backward compatibility so
  the same patch can be applied to 0.9.[6-9]
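As an added example (not part of this commit, and not OpenSSL's own code), the alternative to the patch's parse-then-check approach: rebuild the single EMSA-PKCS1-v1_5 encoding the verifier should accept and compare the whole recovered block, so excess data after the DigestInfo has nowhere to hide. Assumed: SHA-256 digests, a constructed digest value, a 128-byte block, and a hypothetical `demo_block` helper that builds both a correct block and one carrying trailing junk.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* DER prefix of DigestInfo for SHA-256 (RFC 3447, section 9.2, note 1). */
static const uint8_t SHA256_DI[19] = {
    0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
    0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20 };

/* Build EM = 00 01 FF..FF 00 || DigestInfo || hash (32-byte digest).
 * Returns 0, or -1 if emlen leaves fewer than 8 padding bytes. */
int emsa_pkcs1_v15_encode(const uint8_t hash[32], uint8_t *em, size_t emlen)
{
    size_t tlen = sizeof(SHA256_DI) + 32;
    if (emlen < tlen + 11) return -1;
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, emlen - tlen - 3);
    em[emlen - tlen - 1] = 0x00;
    memcpy(em + emlen - tlen, SHA256_DI, sizeof(SHA256_DI));
    memcpy(em + emlen - 32, hash, 32);
    return 0;
}

/* Verify the block recovered from the RSA public operation by rebuilding
 * the one acceptable encoding and comparing every byte: excess data after
 * the DigestInfo or non-NULL parameters alter the bytes and therefore fail.
 * Returns 1 on match, 0 otherwise. */
int pkcs1_v15_verify_block(const uint8_t *rec, size_t len, const uint8_t hash[32])
{
    uint8_t expected[512], diff = 0;
    size_t k;
    if (len > sizeof(expected) || emsa_pkcs1_v15_encode(hash, expected, len) != 0)
        return 0;
    for (k = 0; k < len; k++) diff |= rec[k] ^ expected[k];
    return diff == 0;
}

/* Constructed 128-byte samples for a made-up digest: a correct block, or one
 * with minimal padding, the DigestInfo early, and junk filling the rest. */
int demo_block(int with_excess_data)
{
    uint8_t hash[32], em[128];
    memset(hash, 0xab, sizeof(hash));          /* constructed digest value */
    if (!with_excess_data) {
        emsa_pkcs1_v15_encode(hash, em, sizeof(em));
    } else {
        memset(em, 0x41, sizeof(em));          /* trailing junk */
        em[0] = 0x00; em[1] = 0x01; em[2] = 0xff; em[3] = 0x00;
        memcpy(em + 4, SHA256_DI, sizeof(SHA256_DI));
        memcpy(em + 4 + sizeof(SHA256_DI), hash, 32);
    }
    return pkcs1_v15_verify_block(em, sizeof(em), hash);
}
```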

diffstat:

 crypto/dist/openssl/crypto/rsa/rsa_sign.c |  17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diffs (27 lines):

diff -r 1b8d20b814b8 -r a653cccc1ad0 crypto/dist/openssl/crypto/rsa/rsa_sign.c
--- a/crypto/dist/openssl/crypto/rsa/rsa_sign.c Wed Sep 06 19:11:36 2006 +0000
+++ b/crypto/dist/openssl/crypto/rsa/rsa_sign.c Fri Sep 08 09:30:19 2006 +0000
@@ -185,6 +185,23 @@
                sig=d2i_X509_SIG(NULL,&p,(long)i);
 
                if (sig == NULL) goto err;
+
+               /* Excess data can be used to create forgeries */
+               if(p != s+i)
+                       {
+                       RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                       goto err;
+                       }
+
+               /* Parameters to the signature algorithm can also be used to
+                  create forgeries */
+               if(sig->algor->parameter
+                  && sig->algor->parameter->type != V_ASN1_NULL)
+                       {
+                       RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                       goto err;
+                       }
+
                sigtype=OBJ_obj2nid(sig->algor->algorithm);
 
 
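Review bot: The new `if(p != s+i)` test depends on `s` and `i` still being the start and length of the buffer that `p` was initialised from before `d2i_X509_SIG(NULL,&p,(long)i)` advanced it, and neither variable is visible in this hunk; worth confirming that `i` is the length returned by the public-key operation and has not been reused in between, otherwise the excess-data check compares against the wrong quantity. The parameter check accepts an absent parameter (`sig->algor->parameter` NULL) as well as an ASN.1 NULL, which is the usual tolerance for encoders that omit the field, but the comment above it does not say so; a line noting that absent and NULL are treated alike and anything else is rejected, plus a reference to CVE-2006-4339 (named in the commit message) beside the first comment, would help whoever audits this next.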


