diff options
| author | Maxim Cournoyer <[email protected]> | 2021-10-01 17:10:49 -0400 |
|---|---|---|
| committer | Maxim Cournoyer <[email protected]> | 2021-10-01 17:10:49 -0400 |
| commit | 2e65e4834a226c570866f2e8976ed7f252b45cd1 (patch) | |
| tree | 21d625bce8d03627680214df4a6622bf8eb79dc9 /gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch | |
| parent | 9c68ecb24dd1660ce736cdcdea0422a73ec318a2 (diff) | |
| parent | f1a3c11407b52004e523ec5de20d326c5661681f (diff) | |
Merge remote-tracking branch 'origin/master' into staging
With resolved conflicts in:
gnu/packages/bittorrent.scm
gnu/packages/databases.scm
gnu/packages/geo.scm
gnu/packages/gnupg.scm
gnu/packages/gstreamer.scm
gnu/packages/gtk.scm
gnu/packages/linux.scm
gnu/packages/python-xyz.scm
gnu/packages/xorg.scm
guix/build/qt-utils.scm
Diffstat (limited to 'gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch')
| -rw-r--r-- | gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch b/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch new file mode 100644 index 0000000000..297816e698 --- /dev/null +++ b/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch @@ -0,0 +1,78 @@ +Copied from upstream nettle git repository. +Removed changes to ChangeLog, to allow this patch to apply to nettle-3.5. + +From 7616541e6eff73353bf682c62e3a68e4fe696707 Mon Sep 17 00:00:00 2001 +From: Niels Möller <[email protected]> +Date: Thu, 6 May 2021 21:29:56 +0200 +Subject: [PATCH] Add check that message length to _pkcs1_sec_decrypt is valid. + +* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message +length is valid, for given key size. +* testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for +calls to rsa_sec_decrypt specifying a too large message length. +--- + ChangeLog | 7 +++++++ + pkcs1-sec-decrypt.c | 4 +++- + testsuite/rsa-sec-decrypt-test.c | 17 ++++++++++++++++- + 3 files changed, 26 insertions(+), 2 deletions(-) + +diff --git a/pkcs1-sec-decrypt.c b/pkcs1-sec-decrypt.c +index 4f13080e..16833691 100644 +--- a/pkcs1-sec-decrypt.c ++++ b/pkcs1-sec-decrypt.c +@@ -63,7 +63,9 @@ _pkcs1_sec_decrypt (size_t length, uint8_t *message, + volatile int ok; + size_t i, t; + +- assert (padded_message_length >= length); ++ /* Message independent branch */ ++ if (length + 11 > padded_message_length) ++ return 0; + + t = padded_message_length - length - 1; + +diff --git a/testsuite/rsa-sec-decrypt-test.c b/testsuite/rsa-sec-decrypt-test.c +index fb0ed3a1..3419322e 100644 +--- a/testsuite/rsa-sec-decrypt-test.c ++++ b/testsuite/rsa-sec-decrypt-test.c +@@ -55,6 +55,7 @@ rsa_decrypt_for_test(const struct rsa_public_key *pub, + #endif + + #define PAYLOAD_SIZE 50 ++#define DECRYPTED_SIZE 256 + void + test_main(void) + { +@@ -63,7 +64,7 @@ test_main(void) + struct knuth_lfib_ctx random_ctx; + + uint8_t plaintext[PAYLOAD_SIZE]; +- uint8_t decrypted[PAYLOAD_SIZE]; ++ uint8_t decrypted[DECRYPTED_SIZE]; + uint8_t verifybad[PAYLOAD_SIZE]; + unsigned n_size = 1024; + mpz_t gibberish; +@@ -99,6 +100,20 @@ test_main(void) + PAYLOAD_SIZE, decrypted, gibberish) == 1); + ASSERT (MEMEQ (PAYLOAD_SIZE, plaintext, decrypted)); + ++ ASSERT (pub.size > 10); ++ ASSERT (pub.size <= DECRYPTED_SIZE); ++ ++ /* Check that too large message length is rejected, largest ++ valid size is pub.size - 11. */ ++ ASSERT (!rsa_decrypt_for_test (&pub, &key, &random_ctx, ++ (nettle_random_func *) knuth_lfib_random, ++ pub.size - 10, decrypted, gibberish)); ++ ++ /* This case used to result in arithmetic underflow and a crash. */ ++ ASSERT (!rsa_decrypt_for_test (&pub, &key, &random_ctx, ++ (nettle_random_func *) knuth_lfib_random, ++ pub.size, decrypted, gibberish)); ++ + /* bad one */ + memcpy(decrypted, verifybad, PAYLOAD_SIZE); + nettle_mpz_random_size(garbage, &random_ctx, +-- +2.31.1 + |