diff options
author | Marius Bakke <marius@gnu.org> | 2021-06-19 17:38:47 +0200 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2021-06-19 17:38:47 +0200 |
commit | 6f9a80b331ae41d142a49fbeb94b90ee587b6155 (patch) | |
tree | 2da042a6ccf5368c73d6e3d54c2ee02a62d284e4 /gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch | |
parent | 6500c9a5b364616e38a7e03aa4516fc2d7cee876 (diff) | |
parent | dece03e2b98fc1c2428c2448ce5792f813eb79bf (diff) |
Merge branch 'master' into core-updates
Note: this merge actually changes the 'curl' and 'python-attrs' derivations,
as part of solving caf4a7a2770ef4d05a6e18f40d602e51da749ddc and
12964df69a99de6190422c752fef65ef813f3b6b respectively.
4604d43c0e (gnu: gnutls@3.6.16: Fix cross-compilation.) was ignored because it
cannot currently be tested.
Conflicts:
gnu/local.mk
gnu/packages/aidc.scm
gnu/packages/boost.scm
gnu/packages/curl.scm
gnu/packages/nettle.scm
gnu/packages/networking.scm
gnu/packages/python-xyz.scm
gnu/packages/tls.scm
Diffstat (limited to 'gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch')
-rw-r--r-- | gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch b/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch new file mode 100644 index 0000000000..297816e698 --- /dev/null +++ b/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch @@ -0,0 +1,78 @@ +Copied from upstream nettle git repository. +Removed changes to ChangeLog, to allow this patch to apply to nettle-3.5. + +From 7616541e6eff73353bf682c62e3a68e4fe696707 Mon Sep 17 00:00:00 2001 +From: Niels Möller <nisse@lysator.liu.se> +Date: Thu, 6 May 2021 21:29:56 +0200 +Subject: [PATCH] Add check that message length to _pkcs1_sec_decrypt is valid. + +* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message +length is valid, for given key size. +* testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for +calls to rsa_sec_decrypt specifying a too large message length. +--- + ChangeLog | 7 +++++++ + pkcs1-sec-decrypt.c | 4 +++- + testsuite/rsa-sec-decrypt-test.c | 17 ++++++++++++++++- + 3 files changed, 26 insertions(+), 2 deletions(-) + +diff --git a/pkcs1-sec-decrypt.c b/pkcs1-sec-decrypt.c +index 4f13080e..16833691 100644 +--- a/pkcs1-sec-decrypt.c ++++ b/pkcs1-sec-decrypt.c +@@ -63,7 +63,9 @@ _pkcs1_sec_decrypt (size_t length, uint8_t *message, + volatile int ok; + size_t i, t; + +- assert (padded_message_length >= length); ++ /* Message independent branch */ ++ if (length + 11 > padded_message_length) ++ return 0; + + t = padded_message_length - length - 1; + +diff --git a/testsuite/rsa-sec-decrypt-test.c b/testsuite/rsa-sec-decrypt-test.c +index fb0ed3a1..3419322e 100644 +--- a/testsuite/rsa-sec-decrypt-test.c ++++ b/testsuite/rsa-sec-decrypt-test.c +@@ -55,6 +55,7 @@ rsa_decrypt_for_test(const struct rsa_public_key *pub, + #endif + + #define PAYLOAD_SIZE 50 ++#define DECRYPTED_SIZE 256 + void + test_main(void) + { +@@ -63,7 +64,7 @@ test_main(void) + struct knuth_lfib_ctx random_ctx; + + uint8_t plaintext[PAYLOAD_SIZE]; +- uint8_t decrypted[PAYLOAD_SIZE]; ++ uint8_t decrypted[DECRYPTED_SIZE]; + uint8_t verifybad[PAYLOAD_SIZE]; + unsigned n_size = 1024; + mpz_t gibberish; +@@ -99,6 +100,20 @@ test_main(void) + PAYLOAD_SIZE, decrypted, gibberish) == 1); + ASSERT (MEMEQ (PAYLOAD_SIZE, plaintext, decrypted)); + ++ ASSERT (pub.size > 10); ++ ASSERT (pub.size <= DECRYPTED_SIZE); ++ ++ /* Check that too large message length is rejected, largest ++ valid size is pub.size - 11. */ ++ ASSERT (!rsa_decrypt_for_test (&pub, &key, &random_ctx, ++ (nettle_random_func *) knuth_lfib_random, ++ pub.size - 10, decrypted, gibberish)); ++ ++ /* This case used to result in arithmetic underflow and a crash. */ ++ ASSERT (!rsa_decrypt_for_test (&pub, &key, &random_ctx, ++ (nettle_random_func *) knuth_lfib_random, ++ pub.size, decrypted, gibberish)); ++ + /* bad one */ + memcpy(decrypted, verifybad, PAYLOAD_SIZE); + nettle_mpz_random_size(garbage, &random_ctx, +-- +2.31.1 + |