Package: gnutls26 / 2.12.20-8+deb7u5

33_stricter_rsa_pkcs_1.5.diff Patch series | download
From 24c6ce144a1e071210dc33cc794690429d74456c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sun, 6 Jan 2013 00:11:01 +0100
Subject: [PATCH 11/11] libgcrypt code updated with similar checks to nettle
 code

This is the gcrypt counterpart to
http://gitorious.org/gnutls/gnutls/commit/9709393ac263d7fbd9f790c884b7b8141c6f4b13
Stricter RSA PKCS #1 1.5 encoding and decoding. Reported
by Kikuchi Masashi.
http://lists.gnutls.org/pipermail/gnutls-devel/2012-December/006016.html

---
 lib/gcrypt/pk.c |   16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c
index e3bedaf..b1ce8f9 100644
--- a/lib/gcrypt/pk.c
+++ b/lib/gcrypt/pk.c
@@ -121,7 +121,7 @@ _wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo,
       goto cleanup;
     }
 
-  ret = _gnutls_mpi_dprint_size (res, ciphertext, plaintext->size);
+  ret = _gnutls_mpi_dprint_size (res, ciphertext, (_gnutls_mpi_get_nbits(pk_params->params[0])+7)/8);
   _gnutls_mpi_release (&res);
   if (ret < 0)
     {
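Review bot: The modulus byte length `(_gnutls_mpi_get_nbits(pk_params->params[0])+7)/8` is written out in this call and again in the decrypt, sign and verify hunks, and none of the four sites has a comment saying why the RSA output must have exactly that length. A short comment above the call, e.g. `/* PKCS #1 v1.5: RSA output is always k = ceil(bits(n)/8) octets */`, and a shared local such as `size_t mod_bytes = (_gnutls_mpi_get_nbits (pk_params->params[0]) + 7) / 8;` would keep the sites from drifting apart. The body of _wrap_gcry_pk_encrypt starts and ends outside this hunk, so whether `params[0]` is already known to be populated at this point cannot be confirmed from here.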
@@ -164,6 +164,12 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo,
   switch (algo)
     {
     case GNUTLS_PK_RSA:
+        if (ciphertext->size != (_gnutls_mpi_get_nbits(pk_params->params[0])+7)/8)
+          {
+            gnutls_assert ();
+            return GNUTLS_E_DECRYPTION_FAILED;
+          }
+
       if (pk_params->params_nr >= 6)
         rc = gcry_sexp_build (&s_pkey, NULL,
                               "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
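Review bot: The new length check in the GNUTLS_PK_RSA case reads `pk_params->params[0]` before the existing `pk_params->params_nr >= 6` test just below it, so the modulus is used before the parameter count is examined. The same ordering appears in the _wrap_gcry_pk_verify hunk, ahead of `params_nr >= 2`. Both checks also exit with a bare `return`, whereas the encrypt hunk shows this file using `goto cleanup`. The code before the switch is outside the hunk, but if anything is allocated there, the early return would skip releasing it on every rejected input. Consider `if (pk_params->params_nr < 1 || ciphertext->size != ...)` and, if the function has a cleanup label, `ret = GNUTLS_E_DECRYPTION_FAILED; goto cleanup;` in place of the direct return.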
@@ -363,7 +369,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
         res[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
         gcry_sexp_release (list);
 
-        ret = _gnutls_mpi_dprint (res[0], signature);
+        ret = _gnutls_mpi_dprint_size (res[0], signature, (_gnutls_mpi_get_nbits(pk_params->params[0])+7)/8);
         if (ret < 0)
           {
             gnutls_assert ();
@@ -424,6 +430,12 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
                               pk_params->params[2], pk_params->params[3]);
       break;
     case GNUTLS_PK_RSA:
+      if (signature->size != (_gnutls_mpi_get_nbits(pk_params->params[0])+7)/8)
+        {
+          gnutls_assert ();
+          return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+        }
+
       if (pk_params->params_nr >= 2)
         rc = gcry_sexp_build (&s_pkey, NULL,
                               "(public-key(rsa(n%m)(e%m)))",
-- 
1.7.10.4