From: Bodo Möller Date: Wed, 25 Jul 2001 17:03:22 +0000 (+0000) Subject: always reject data >= n X-Git-Tag: OpenSSL_0_9_6c~173 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=27f3a1bd9ced7c72046755b227a5b35d66ef3606;p=oweals%2Fopenssl.git always reject data >= n --- diff --git a/CHANGES b/CHANGES index 4d0063fb85..7ec2fc8fc3 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,18 @@ Changes between 0.9.6b and 0.9.6c [XX xxx XXXX] + *) In + + RSA_eay_public_encrypt + RSA_eay_private_decrypt + RSA_eay_private_encrypt (signing) + RSA_eay_public_decrypt (signature verification) + + (default implementations for RSA_public_encrypt, + RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt), + always reject numbers >= n. + [Bodo Moeller] + *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID *before* setting the 'crypto_lock_rand' flag. The previous code had a race condition if 0 is a valid thread ID. diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index fef4ef5a2d..b029cbc3a4 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -316,6 +316,7 @@ void *RSA_get_ex_data(RSA *r, int idx); #define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 #define RSA_R_DATA_TOO_LARGE 109 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 #define RSA_R_DATA_TOO_SMALL 111 #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 3e38320257..cafdc419e2 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -78,8 +78,8 @@ static int RSA_eay_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_eay_meth={ "Eric Young's PKCS#1 RSA", RSA_eay_public_encrypt, - RSA_eay_public_decrypt, - RSA_eay_private_encrypt, + RSA_eay_public_decrypt, /* signature verification */ + RSA_eay_private_encrypt, /* signing */ RSA_eay_private_decrypt, RSA_eay_mod_exp, BN_mod_exp_mont, @@ -136,6 +136,13 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from, if (BN_bin2bn(buf,num,&f) == NULL) goto err; + if (BN_ucmp(&f, rsa->n) >= 0) + { + /* usually the padding functions would catch this */ + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { BN_MONT_CTX* bn_mont_ctx; @@ -183,6 +190,7 @@ err: return(r); } +/* signing */ static int RSA_eay_private_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -218,6 +226,13 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from, if (i <= 0) goto err; if (BN_bin2bn(buf,num,&f) == NULL) goto err; + + if (BN_ucmp(&f, rsa->n) >= 0) + { + /* usually the padding functions would catch this */ + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); @@ -292,6 +307,12 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, /* make data into a big number */ if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; + if (BN_ucmp(&f, rsa->n) >= 0) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); if (rsa->flags & RSA_FLAG_BLINDING) @@ -352,6 +373,7 @@ err: return(r); } +/* signature verification */ static int RSA_eay_public_decrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -383,6 +405,13 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from, } if (BN_bin2bn(from,flen,&f) == NULL) goto err; + + if (BN_ucmp(&f, rsa->n) >= 0) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + /* do the decrypt */ if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 1cde7c0da4..bff7cf5d12 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -106,6 +106,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, {RSA_R_DATA_TOO_LARGE ,"data too large"}, {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"}, {RSA_R_DATA_TOO_SMALL ,"data too small"}, {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},