rpms/openssl097a/FC-5 openssl-0.9.7a-cve-2006-4339.patch, NONE, 1.1 openssl.spec, 1.8, 1.9
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Sep 5 16:12:10 UTC 2006
Author: tmraz
Update of /cvs/dist/rpms/openssl097a/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv29622
Modified Files:
openssl.spec
Added Files:
openssl-0.9.7a-cve-2006-4339.patch
Log Message:
* Tue Sep 9 2006 Tomas Mraz <tmraz at redhat.com> 0.9.7a-43.11
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
openssl-0.9.7a-cve-2006-4339.patch:
rsa.h | 1 +
rsa_eay.c | 9 +++++++++
rsa_err.c | 1 +
rsa_sign.c | 17 +++++++++++++++++
4 files changed, 28 insertions(+)
--- NEW FILE openssl-0.9.7a-cve-2006-4339.patch ---
*) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie; Google Security Team]
--- openssl-0.9.7a/crypto/rsa/rsa_sign.c.short-padding 2003-01-30 18:37:46.000000000 +0100
+++ openssl-0.9.7a/crypto/rsa/rsa_sign.c 2006-09-04 12:47:38.000000000 +0200
@@ -190,6 +190,23 @@
sig=d2i_X509_SIG(NULL,&p,(long)i);
if (sig == NULL) goto err;
+
+ /* Excess data can be used to create forgeries */
+ if(p != s+i)
+ {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
+ /* Parameters to the signature algorithm can also be used to
+ create forgeries */
+ if(sig->algor->parameter &&
+ (ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL))
+ {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
sigtype=OBJ_obj2nid(sig->algor->algorithm);
--- openssl-0.9.7a/crypto/rsa/rsa_err.c.short-padding 2001-07-25 19:02:58.000000000 +0200
+++ openssl-0.9.7a/crypto/rsa/rsa_err.c 2006-09-04 12:48:51.000000000 +0200
@@ -120,6 +120,7 @@
{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"},
{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"},
{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
+{RSA_R_PKCS1_PADDING_TOO_SHORT ,"pkcs1 padding too short"},
{RSA_R_P_NOT_PRIME ,"p not prime"},
{RSA_R_Q_NOT_PRIME ,"q not prime"},
{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"},
--- openssl-0.9.7a/crypto/rsa/rsa_eay.c.short-padding 2006-08-07 16:00:02.000000000 +0200
+++ openssl-0.9.7a/crypto/rsa/rsa_eay.c 2006-09-04 12:47:38.000000000 +0200
@@ -606,6 +606,15 @@
{
case RSA_PKCS1_PADDING:
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
+ /* Generally signatures should be at least 2/3 padding, though
+ this isn't possible for really short keys and some standard
+ signature schemes, so don't check if the unpadded data is
+ small. */
+ if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT);
+ goto err;
+ }
break;
case RSA_NO_PADDING:
r=RSA_padding_check_none(to,num,buf,i,num);
--- openssl-0.9.7a/crypto/rsa/rsa.h.short-padding 2006-08-07 16:00:02.000000000 +0200
+++ openssl-0.9.7a/crypto/rsa/rsa.h 2006-09-04 12:47:38.000000000 +0200
@@ -348,6 +348,7 @@
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_PKCS1_PADDING_TOO_SHORT 105
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
Index: openssl.spec
===================================================================
RCS file: /cvs/dist/rpms/openssl097a/FC-5/openssl.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- openssl.spec 11 Feb 2006 04:54:11 -0000 1.8
+++ openssl.spec 5 Sep 2006 16:12:08 -0000 1.9
@@ -21,7 +21,7 @@
Summary: The OpenSSL toolkit.
Name: openssl097a
Version: 0.9.7a
-Release: 4.2.1
+Release: 4.2.2
Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl
Source2: Makefile.certificate
@@ -63,6 +63,7 @@
Patch45: openssl-0.9.7a-can-2005-0109.patch
Patch46: openssl-0.9.7a-dsa-consttime.patch
Patch47: openssl-0.9.7a-can-2005-2969.patch
+Patch49: openssl-0.9.7a-cve-2006-4339.patch
License: BSDish
Group: System Environment/Libraries
URL: http://www.openssl.org/
@@ -157,6 +158,7 @@
%patch45 -p1 -b .modexp-consttime
%patch46 -p1 -b .dsa-consttime
%patch47 -p0 -b .ssl2-rollback
+%patch49 -p1 -b .short-padding
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -383,6 +385,9 @@
%postun -p /sbin/ldconfig
%changelog
+* Tue Sep 9 2006 Tomas Mraz <tmraz at redhat.com> 0.9.7a-43.11
+- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
+
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 0.9.7a-4.2.1
- bump again for double-long bug on ppc(64)
More information about the fedora-cvs-commits
mailing list