Apply the third version of the patch from OpenSSL to address this issue.
- Rollback the updates for rsa.h, rsa_eay.c and rsa_err.c as they were not necessary to address this vulnerability. - Small update to the patch for rsa_sign.c for backward compatability so the same patch can be applied to 0.9.[6-9]
This commit is contained in:
parent
3053244401
commit
8d13789c5a
1
crypto/dist/openssl/crypto/rsa/rsa.h
vendored
1
crypto/dist/openssl/crypto/rsa/rsa.h
vendored
@ -412,7 +412,6 @@ void ERR_load_RSA_strings(void);
|
|||||||
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
||||||
#define RSA_R_OAEP_DECODING_ERROR 121
|
#define RSA_R_OAEP_DECODING_ERROR 121
|
||||||
#define RSA_R_PADDING_CHECK_FAILED 114
|
#define RSA_R_PADDING_CHECK_FAILED 114
|
||||||
#define RSA_R_PKCS1_PADDING_TOO_SHORT 105
|
|
||||||
#define RSA_R_P_NOT_PRIME 128
|
#define RSA_R_P_NOT_PRIME 128
|
||||||
#define RSA_R_Q_NOT_PRIME 129
|
#define RSA_R_Q_NOT_PRIME 129
|
||||||
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
|
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
|
||||||
|
9
crypto/dist/openssl/crypto/rsa/rsa_eay.c
vendored
9
crypto/dist/openssl/crypto/rsa/rsa_eay.c
vendored
@ -617,15 +617,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
|
|||||||
{
|
{
|
||||||
case RSA_PKCS1_PADDING:
|
case RSA_PKCS1_PADDING:
|
||||||
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
|
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
|
||||||
/* Generally signatures should be at least 2/3 padding, though
|
|
||||||
this isn't possible for really short keys and some standard
|
|
||||||
signature schemes, so don't check if the unpadded data is
|
|
||||||
small. */
|
|
||||||
if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
|
|
||||||
{
|
|
||||||
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
case RSA_X931_PADDING:
|
case RSA_X931_PADDING:
|
||||||
r=RSA_padding_check_X931(to,num,buf,i,num);
|
r=RSA_padding_check_X931(to,num,buf,i,num);
|
||||||
|
1
crypto/dist/openssl/crypto/rsa/rsa_err.c
vendored
1
crypto/dist/openssl/crypto/rsa/rsa_err.c
vendored
@ -142,7 +142,6 @@ static ERR_STRING_DATA RSA_str_reasons[]=
|
|||||||
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
|
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
|
||||||
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
|
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
|
||||||
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
|
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
|
||||||
{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
|
|
||||||
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
|
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
|
||||||
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
|
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
|
||||||
{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
|
{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
|
||||||
|
2
crypto/dist/openssl/crypto/rsa/rsa_sign.c
vendored
2
crypto/dist/openssl/crypto/rsa/rsa_sign.c
vendored
@ -196,7 +196,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
|
|||||||
/* Parameters to the signature algorithm can also be used to
|
/* Parameters to the signature algorithm can also be used to
|
||||||
create forgeries */
|
create forgeries */
|
||||||
if(sig->algor->parameter
|
if(sig->algor->parameter
|
||||||
&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
|
&& sig->algor->parameter->type != V_ASN1_NULL)
|
||||||
{
|
{
|
||||||
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||||
goto err;
|
goto err;
|
||||||
|
Loading…
Reference in New Issue
Block a user