generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher

Browse Source 
(CVE-2006-4339)  [Ben Laurie and Google Security Team]

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
This commit is contained in:
Mark J. Cox
2006-09-05 08:24:14 +00:00
parent 6f414aef0e
commit ffa0407233
6 changed files with 36 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/rsa/rsa_eay.c
View File

@@ -651,6 +651,15 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
{
case RSA_PKCS1_PADDING:
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
/* Generally signatures should be at least 2/3 padding, though
this isn't possible for really short keys and some standard
signature schemes, so don't check if the unpadded data is
small. */
if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
{
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT);
goto err;
}
break;
case RSA_NO_PADDING:
r=RSA_padding_check_none(to,num,buf,i,num);