Commit 060c5687 authored by Paul Bakker's avatar Paul Bakker
Browse files

- Fixed possible heap overflow in pkcs1_decrypt on data larger than output

   buffer after padding. For instance the premaster decryption in
   ssl_parse_client_key_exchange() in ssl_serv.c (Thanks to Christophe
   Devine)
parent c32c6b56
......@@ -31,6 +31,7 @@
#define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x0440
#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x0450
#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x0460
#define POLARSSL_ERR_RSA_OUTPUT_TO_LARGE -0x0470
/*
* PKCS#1 constants
......@@ -216,16 +217,19 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
* \param input buffer holding the encrypted data
* \param output buffer that will hold the plaintext
* \param olen will contain the plaintext length
* \param output_max_len maximum length of the output buffer
*
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown.
*/
int rsa_pkcs1_decrypt( rsa_context *ctx,
int mode, int *olen,
unsigned char *input,
unsigned char *output );
unsigned char *output,
int output_max_len);
/**
* \brief Do a private RSA to sign a message digest
......
......@@ -328,7 +328,8 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
int rsa_pkcs1_decrypt( rsa_context *ctx,
int mode, int *olen,
unsigned char *input,
unsigned char *output )
unsigned char *output,
int output_max_len)
{
int ret, ilen;
unsigned char *p;
......@@ -369,6 +370,9 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
return( POLARSSL_ERR_RSA_INVALID_PADDING );
}
if (ilen - (int)(p - buf) > output_max_len)
return( POLARSSL_ERR_RSA_OUTPUT_TO_LARGE );
*olen = ilen - (int)(p - buf);
memcpy( output, p, *olen );
......@@ -677,7 +681,8 @@ int rsa_self_test( int verbose )
printf( "passed\n PKCS#1 decryption : " );
if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len,
rsa_ciphertext, rsa_decrypted ) != 0 )
rsa_ciphertext, rsa_decrypted,
sizeof(rsa_decrypted) ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
......
......@@ -726,7 +726,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
}
ret = rsa_pkcs1_decrypt( ssl->rsa_key, RSA_PRIVATE, &ssl->pmslen,
ssl->in_msg + i, ssl->premaster );
ssl->in_msg + i, ssl->premaster,
sizeof(ssl->premaster) );
if( ret != 0 || ssl->pmslen != 48 ||
ssl->premaster[0] != ssl->max_major_ver ||
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment