authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-01-03 23:46:59 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-01-03 23:46:59 +0100
commit9709393ac263d7fbd9f790c884b7b8141c6f4b13 (patch)
tree3de991d7f0a8cec7c496c37696ef99a3098fd38d
parentecd5fa69ae5dbf680acf2c581d6a14259d1c5b5c (diff)
downloadgnutls-9709393ac263d7fbd9f790c884b7b8141c6f4b13.tar.gz
Stricter RSA PKCS #1 1.5 encoding and decoding. Reported by Kikuchi Masashi.
-rw-r--r--NEWS3
-rw-r--r--lib/nettle/pk.c17
2 files changed, 18 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 65c0063d43..56b5dc63d4 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
Version 2.12.22 (unreleased)
+** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported
+by Kikuchi Masashi.
+
** libgnutls: Updated gnulib
** API and ABI modifications:
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 505c6b4048..70e2bef794 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -40,6 +40,7 @@
#include <gnutls_pk.h>
#include <nettle/dsa.h>
#include <nettle/rsa.h>
+#include <nettle/bignum.h>
#include <random.h>
#include <gnutls/crypto.h>
@@ -105,7 +106,7 @@ _wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo,
mpz_powm (p, p, TOMPZ (pk_params->params[1]) /*e */ ,
TOMPZ (pk_params->params[0] /*m */ ));
- ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size);
+ ret = _gnutls_mpi_dprint_size (p, ciphertext, nettle_mpz_sizeinbase_256_u(TOMPZ (pk_params->params[0])));
_gnutls_mpi_release (&p);
if (ret < 0)
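Review bot: The expression `nettle_mpz_sizeinbase_256_u(TOMPZ (pk_params->params[0]))` is spelled out in full on the changed line here and again in the decrypt, sign and verify hunks, each time without the space before the parenthesis that the neighbouring calls use. Computing it once per function, e.g. `size_t mod_size = nettle_mpz_sizeinbase_256_u (TOMPZ (pk_params->params[0]));`, and passing `mod_size` would keep the four sites from drifting apart. It would also make the intent readable: the output is always exactly as long as the modulus. The body of _wrap_nettle_pk_encrypt starts and ends outside this hunk, so where the local would be declared is not visible here.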
@@ -209,6 +210,12 @@ _wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo,
{
struct rsa_private_key priv;
bigint_t c, ri, nc;
+
+ if (ciphertext->size != nettle_mpz_sizeinbase_256_u(TOMPZ (pk_params->params[0])))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0)
{
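Review bot: The added length check in _wrap_nettle_pk_decrypt has no comment saying why exact equality with the modulus size is required, and the same holds for the matching check in the _wrap_nettle_pk_verify hunk. I would put `/* PKCS #1 v1.5: input must be exactly as long as the modulus (RFC 3447 7.2.2 step 1; 8.2.2 step 1 for signatures) */` above each. The comparison depends only on the public ciphertext length, so the early return does not by itself disclose anything about the padding. Whether callers treat this GNUTLS_E_DECRYPTION_FAILED the same way as a later padding failure cannot be checked from this hunk, which ends before the rest of the function.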
@@ -345,7 +352,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
- ret = _gnutls_mpi_dprint (nc, signature);
+ ret = _gnutls_mpi_dprint_size (nc, signature, nettle_mpz_sizeinbase_256_u(TOMPZ (pk_params->params[0])));
rsa_fail:
_gnutls_mpi_release (&nc);
@@ -454,6 +461,12 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
case GNUTLS_PK_RSA:
{
bigint_t hash;
+
+ if (signature->size != nettle_mpz_sizeinbase_256_u(TOMPZ (pk_params->params[0])))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
{
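Review bot: Nothing in this commit exercises the new rejection path in _wrap_nettle_pk_verify; the diffstat lists only NEWS and lib/nettle/pk.c. A regression test should check that a valid RSA signature is accepted and that the same value re-encoded one octet longer or shorter than the modulus is refused. That would pin the behaviour, because both encodings parse to the same integer and only this length comparison separates them. The error code the public API reports for that case is not visible here and should be confirmed when writing the test. The `case GNUTLS_PK_RSA:` block continues outside the hunk.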