- Fixed possible heap overflow in pkcs1_decrypt on data larger than output
buffer after padding. For instance the premaster decryption in ssl_parse_client_key_exchange() in ssl_serv.c (Thanks to Christophe Devine)
This commit is contained in:
parent
c32c6b56ca
commit
060c56871c
3 changed files with 15 additions and 5 deletions
|
@ -31,6 +31,7 @@
|
|||
#define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x0440
|
||||
#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x0450
|
||||
#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x0460
|
||||
#define POLARSSL_ERR_RSA_OUTPUT_TO_LARGE -0x0470
|
||||
|
||||
/*
|
||||
* PKCS#1 constants
|
||||
|
@ -216,16 +217,19 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
|
|||
* \param input buffer holding the encrypted data
|
||||
* \param output buffer that will hold the plaintext
|
||||
* \param olen will contain the plaintext length
|
||||
* \param output_max_len maximum length of the output buffer
|
||||
*
|
||||
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
|
||||
*
|
||||
* \note The output buffer must be as large as the size
|
||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
|
||||
* an error is thrown.
|
||||
*/
|
||||
int rsa_pkcs1_decrypt( rsa_context *ctx,
|
||||
int mode, int *olen,
|
||||
unsigned char *input,
|
||||
unsigned char *output );
|
||||
unsigned char *output,
|
||||
int output_max_len);
|
||||
|
||||
/**
|
||||
* \brief Do a private RSA to sign a message digest
|
||||
|
|
|
@ -328,7 +328,8 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
|
|||
int rsa_pkcs1_decrypt( rsa_context *ctx,
|
||||
int mode, int *olen,
|
||||
unsigned char *input,
|
||||
unsigned char *output )
|
||||
unsigned char *output,
|
||||
int output_max_len)
|
||||
{
|
||||
int ret, ilen;
|
||||
unsigned char *p;
|
||||
|
@ -369,6 +370,9 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
|
|||
return( POLARSSL_ERR_RSA_INVALID_PADDING );
|
||||
}
|
||||
|
||||
if (ilen - (int)(p - buf) > output_max_len)
|
||||
return( POLARSSL_ERR_RSA_OUTPUT_TO_LARGE );
|
||||
|
||||
*olen = ilen - (int)(p - buf);
|
||||
memcpy( output, p, *olen );
|
||||
|
||||
|
@ -677,7 +681,8 @@ int rsa_self_test( int verbose )
|
|||
printf( "passed\n PKCS#1 decryption : " );
|
||||
|
||||
if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len,
|
||||
rsa_ciphertext, rsa_decrypted ) != 0 )
|
||||
rsa_ciphertext, rsa_decrypted,
|
||||
sizeof(rsa_decrypted) ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
|
|
@ -726,7 +726,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
|||
}
|
||||
|
||||
ret = rsa_pkcs1_decrypt( ssl->rsa_key, RSA_PRIVATE, &ssl->pmslen,
|
||||
ssl->in_msg + i, ssl->premaster );
|
||||
ssl->in_msg + i, ssl->premaster,
|
||||
sizeof(ssl->premaster) );
|
||||
|
||||
if( ret != 0 || ssl->pmslen != 48 ||
|
||||
ssl->premaster[0] != ssl->max_major_ver ||
|
||||
|
|
Loading…
Reference in a new issue