author | Simon Josefsson <simon@josefsson.org> | 2006-09-08 13:21:27 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2006-09-08 13:21:27 +0000 |
commit | 0683a0b6fd30c816e2a5cba9e2478ce118c7506b (patch) | |
tree | d2e7dae9cc070e4adddfbbae25a77a61cafd2220 | |
parent | 879b17f7545847772316b55a1c06750a8ddc990a (diff) | |
download | gnutls-0683a0b6fd30c816e2a5cba9e2478ce118c7506b.tar.gz |
Don't return different errors depending on content of decrypted PKCS#1
token, to avoid Bleichenbacher's Crypto'98 attack, suggested by Werner
Koch <wk@gnupg.org>.
-rw-r--r-- | lib/gnutls_pk.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 514b87bd07..c4485994b1 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation
  *
  * Author: Nikos Mavroyanopoulos
  *
@@ -265,8 +265,13 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
   _gnutls_mpi_release (&res);
-  /* EB = 00||BT||PS||00||D
+  /* EB = 00||BT||PS||00||D
    * (use block type 'btype')
+   *
+   * From now on, return GNUTLS_E_DECRYPTION_FAILED on errors, to
+   * avoid attacks similar to the one described by Bleichenbacher in:
+   * "Chosen Ciphertext Attacks against Protocols Based on RSA
+   * Encryption Standard PKCS #1".
    */
@@ -303,8 +308,8 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
         }
       if (edata[i] != 0xff)
         {
-          _gnutls_handshake_log ("PKCS #1 padding error");
-          ret = GNUTLS_E_PKCS1_WRONG_PAD;
+          /* PKCS #1 padding error.  Don't use
+             GNUTLS_E_PKCS1_WRONG_PAD here.  */
           break;
         }
     }
@@ -312,7 +317,6 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
     default:
       gnutls_assert ();
       gnutls_afree (edata);
-      return GNUTLS_E_INTERNAL_ERROR;
     }
   i++;
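Review bot: With the assignment to `ret` dropped from the `edata[i] != 0xff` branch (the third hunk), that branch now only breaks out of the scan, so whether the caller sees a failure at all depends on `ret` already holding GNUTLS_E_DECRYPTION_FAILED before the loop, which is outside this hunk and should be confirmed rather than taken from the comment in the previous hunk. The uniform error code closes the error-message oracle, but the early `break` still makes the amount of work done depend on the decrypted padding bytes, so timing remains a distinguishing signal for the same class of attack; a scan that walks the whole block and accumulates a failure flag without exiting early would be the stronger mitigation. The enclosing loop and `_gnutls_pkcs1_rsa_decrypt` itself begin and end outside the hunk.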
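Review bot: Removing the `return` from the `default:` case in the last hunk leaves `edata` already released by `gnutls_afree (edata)` while execution continues past the switch to `i++` and whatever follows; unless code outside the hunk bails out before touching `edata` again, this is a use-after-free, or a double free if a later error path frees it too. The commit's goal of a single error value is met equally well by keeping the early exit with the uniform code: `return GNUTLS_E_DECRYPTION_FAILED;`. The remainder of `_gnutls_pkcs1_rsa_decrypt` after `i++` lies outside the hunk.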