- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
This commit is contained in:
parent
2020821670
commit
ba40f6bb66
77
openssl-0.9.8b-cve-2006-4339.patch
Normal file
77
openssl-0.9.8b-cve-2006-4339.patch
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
*) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
|
||||||
|
(CVE-2006-4339) [Ben Laurie; Google Security Team]
|
||||||
|
openssl/crypto/rsa/rsa.h 1.55.2.4 -> 1.55.2.5
|
||||||
|
|
||||||
|
--- openssl/crypto/rsa/rsa.h 2006/01/09 16:05:18 1.55.2.4
|
||||||
|
+++ openssl/crypto/rsa/rsa.h 2006/09/05 08:25:42 1.55.2.5
|
||||||
|
@@ -412,6 +412,7 @@
|
||||||
|
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
||||||
|
#define RSA_R_OAEP_DECODING_ERROR 121
|
||||||
|
#define RSA_R_PADDING_CHECK_FAILED 114
|
||||||
|
+#define RSA_R_PKCS1_PADDING_TOO_SHORT 105
|
||||||
|
#define RSA_R_P_NOT_PRIME 128
|
||||||
|
#define RSA_R_Q_NOT_PRIME 129
|
||||||
|
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
|
||||||
|
|
||||||
|
openssl/crypto/rsa/rsa_eay.c 1.46.2.4 -> 1.46.2.5
|
||||||
|
|
||||||
|
--- openssl/crypto/rsa/rsa_eay.c 2006/06/14 08:51:40 1.46.2.4
|
||||||
|
+++ openssl/crypto/rsa/rsa_eay.c 2006/09/05 08:25:42 1.46.2.5
|
||||||
|
@@ -640,6 +640,15 @@
|
||||||
|
{
|
||||||
|
case RSA_PKCS1_PADDING:
|
||||||
|
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
|
||||||
|
+ /* Generally signatures should be at least 2/3 padding, though
|
||||||
|
+ this isn't possible for really short keys and some standard
|
||||||
|
+ signature schemes, so don't check if the unpadded data is
|
||||||
|
+ small. */
|
||||||
|
+ if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
|
||||||
|
+ {
|
||||||
|
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case RSA_X931_PADDING:
|
||||||
|
r=RSA_padding_check_X931(to,num,buf,i,num);
|
||||||
|
|
||||||
|
openssl/crypto/rsa/rsa_err.c 1.17.2.3 -> 1.17.2.4
|
||||||
|
|
||||||
|
--- openssl/crypto/rsa/rsa_err.c 2006/01/09 16:05:18 1.17.2.3
|
||||||
|
+++ openssl/crypto/rsa/rsa_err.c 2006/09/05 08:25:42 1.17.2.4
|
||||||
|
@@ -142,6 +142,7 @@
|
||||||
|
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
|
||||||
|
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
|
||||||
|
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
|
||||||
|
+{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
|
||||||
|
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
|
||||||
|
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
|
||||||
|
{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
|
||||||
|
|
||||||
|
openssl/crypto/rsa/rsa_sign.c 1.21 -> 1.21.2.1
|
||||||
|
|
||||||
|
--- openssl/crypto/rsa/rsa_sign.c 2005/04/26 22:07:17 1.21
|
||||||
|
+++ openssl/crypto/rsa/rsa_sign.c 2006/09/05 08:25:42 1.21.2.1
|
||||||
|
@@ -185,6 +185,23 @@
|
||||||
|
sig=d2i_X509_SIG(NULL,&p,(long)i);
|
||||||
|
|
||||||
|
if (sig == NULL) goto err;
|
||||||
|
+
|
||||||
|
+ /* Excess data can be used to create forgeries */
|
||||||
|
+ if(p != s+i)
|
||||||
|
+ {
|
||||||
|
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Parameters to the signature algorithm can also be used to
|
||||||
|
+ create forgeries */
|
||||||
|
+ if(sig->algor->parameter
|
||||||
|
+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
|
||||||
|
+ {
|
||||||
|
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
sigtype=OBJ_obj2nid(sig->algor->algorithm);
|
||||||
|
|
||||||
|
|
@ -21,7 +21,7 @@
|
|||||||
Summary: The OpenSSL toolkit
|
Summary: The OpenSSL toolkit
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 0.9.8b
|
Version: 0.9.8b
|
||||||
Release: 5
|
Release: 6
|
||||||
Source: openssl-%{version}-usa.tar.bz2
|
Source: openssl-%{version}-usa.tar.bz2
|
||||||
Source1: hobble-openssl
|
Source1: hobble-openssl
|
||||||
Source2: Makefile.certificate
|
Source2: Makefile.certificate
|
||||||
@ -55,6 +55,7 @@ Patch52: openssl-0.9.8b-pkcs12-fix.patch
|
|||||||
Patch53: openssl-0.9.8b-bn-threadsafety.patch
|
Patch53: openssl-0.9.8b-bn-threadsafety.patch
|
||||||
Patch54: openssl-0.9.8b-aes-cachecol.patch
|
Patch54: openssl-0.9.8b-aes-cachecol.patch
|
||||||
Patch55: openssl-0.9.8b-pkcs7-leak.patch
|
Patch55: openssl-0.9.8b-pkcs7-leak.patch
|
||||||
|
Patch56: openssl-0.9.8b-cve-2006-4339.patch
|
||||||
|
|
||||||
License: BSDish
|
License: BSDish
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -119,6 +120,7 @@ from other formats to the formats used by the OpenSSL toolkit.
|
|||||||
%patch53 -p1 -b .bn-threadsafety
|
%patch53 -p1 -b .bn-threadsafety
|
||||||
%patch54 -p1 -b .cachecol
|
%patch54 -p1 -b .cachecol
|
||||||
%patch55 -p1 -b .pkcs7-leak
|
%patch55 -p1 -b .pkcs7-leak
|
||||||
|
%patch56 -p1 -b .short-padding
|
||||||
|
|
||||||
# Modify the various perl scripts to reference perl in the right location.
|
# Modify the various perl scripts to reference perl in the right location.
|
||||||
perl util/perlpath.pl `dirname %{__perl}`
|
perl util/perlpath.pl `dirname %{__perl}`
|
||||||
@ -353,6 +355,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
|
|||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 9 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-6
|
||||||
|
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
|
||||||
|
|
||||||
* Wed Aug 2 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-5
|
* Wed Aug 2 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-5
|
||||||
- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)
|
- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)
|
||||||
patch by IBM
|
patch by IBM
|
||||||
|
Loading…
Reference in New Issue
Block a user