Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
libnettle.19993
libnettle-CVE-2021-3580.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libnettle-CVE-2021-3580.patch of Package libnettle.19993
From 0ad0b5df315665250dfdaa4a1e087f4799edaefe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> Date: Mon, 17 May 2021 22:03:14 +0200 Subject: [PATCH] Add input check to rsa_decrypt family of functions. --- rsa-decrypt-tr.c | 4 ++++ rsa-decrypt.c | 10 ++++++++++ rsa.h | 5 +++-- testsuite/rsa-encrypt-test.c | 38 ++++++++++++++++++++++++++++++------ 6 files changed, 61 insertions(+), 8 deletions(-) Index: nettle-2.7.1/rsa-decrypt-tr.c =================================================================== --- nettle-2.7.1.orig/rsa-decrypt-tr.c +++ nettle-2.7.1/rsa-decrypt-tr.c @@ -43,6 +43,10 @@ rsa_decrypt_tr(const struct rsa_public_k mpz_t m, ri; int res; + /* First check that input is in range. */ + if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, pub->n) >= 0) + return 0; + mpz_init_set(m, gibberish); mpz_init (ri); Index: nettle-2.7.1/rsa-decrypt.c =================================================================== --- nettle-2.7.1.orig/rsa-decrypt.c +++ nettle-2.7.1/rsa-decrypt.c @@ -40,6 +40,16 @@ rsa_decrypt(const struct rsa_private_key int res; mpz_init(m); + + /* First check that input is in range. Since we don't have the + public key available here, we need to reconstruct n. */ + mpz_mul (m, key->p, key->q); + if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, m) >= 0) + { + mpz_clear (m); + return 0; + } + rsa_compute_root(key, m, gibberish); res = pkcs1_decrypt (key->size, m, length, message); Index: nettle-2.7.1/rsa.h =================================================================== --- nettle-2.7.1.orig/rsa.h +++ nettle-2.7.1/rsa.h @@ -302,7 +302,8 @@ rsa_decrypt_tr(const struct rsa_public_k unsigned *length, uint8_t *message, const mpz_t gibberish); -/* Compute x, the e:th root of m. Calling it with x == m is allowed. */ +/* Compute x, the e:th root of m. Calling it with x == m is allowed. + It is required that 0 <= m < n. */ void rsa_compute_root(const struct rsa_private_key *key, mpz_t x, const mpz_t m); Index: nettle-2.7.1/testsuite/rsa-encrypt-test.c =================================================================== --- nettle-2.7.1.orig/testsuite/rsa-encrypt-test.c +++ nettle-2.7.1/testsuite/rsa-encrypt-test.c @@ -19,10 +19,13 @@ test_main(void) uint8_t after; mpz_t gibberish; + mpz_t bad_input; + mpz_t zero; rsa_private_key_init(&key); rsa_public_key_init(&pub); mpz_init(gibberish); + mpz_init(bad_input); knuth_lfib_init(&lfib, 17); @@ -78,9 +81,48 @@ test_main(void) ASSERT(MEMEQ(msg_length, msg, decrypted)); ASSERT(decrypted[msg_length] == after); + /* Test zero input. */ + mpz_set_ui (bad_input, 0); + decrypted_length = msg_length; + ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); + ASSERT(!rsa_decrypt_tr(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, + &decrypted_length, decrypted, bad_input)); + ASSERT(decrypted_length == msg_length); + + /* Test input that is slightly larger than n */ + mpz_add(bad_input, gibberish, pub.n); + decrypted_length = msg_length; + ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); + ASSERT(!rsa_decrypt_tr(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, + &decrypted_length, decrypted, bad_input)); + ASSERT(decrypted_length == msg_length); + + /* Test input that is considerably larger than n */ + mpz_mul_2exp (bad_input, pub.n, 100); + mpz_add (bad_input, bad_input, gibberish); + decrypted_length = msg_length; + ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); + ASSERT(!rsa_decrypt_tr(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, + &decrypted_length, decrypted, bad_input)); + ASSERT(decrypted_length == msg_length); + + /* Test zero input. */ + mpz_init_set_ui (zero, 0); + decrypted_length = msg_length; + ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, zero)); + ASSERT(!rsa_decrypt_tr(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, + &decrypted_length, decrypted, zero)); + ASSERT(decrypted_length == msg_length); + rsa_private_key_clear(&key); rsa_public_key_clear(&pub); mpz_clear(gibberish); + mpz_clear(bad_input); + mpz_clear(zero); free(decrypted); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor