Dear List,

I have found a BUG in the function "RSA_padding_check_PKCS1_type_1".
The bug is reproducible in OpenSSL versions 1.0.1e, 1.0.1p, 1.0.1k and also
in 1.0.2d (these are the versions I've tried). After inspecting the source
code, the bug can still be found in the actual development branch.

Description:
When a correctly formatted PKCS1 Type 1 data string is given to the method
"RSA_padding_check_PKCS1_type_1" it always results in:

    OpenSSLError: Code:67567722 in file:rsa_pk1.c line:102.
    OpenSSLError: Error Message: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01

Even when the message was originally padded by the corresponding OpenSSL
padding function "RSA_padding_add_PKCS1_type_1", the same error occurs.

Cause:
In the file crypto/rsa/rsa_pk1.c the following check is made to determine the
block type of the padding string:

    const unsigned char *p;
    p=from;
    if ((num != (flen+1)) || (*(p++) != 01))

The pointer p is incremented after the check, therefore p is always the first
octet of the padded string. In the case of PKCS1 type 1 padding always p=0,
hence the error.

Notes:
Changing the check to

    if ((num != (flen+1)) || (*(++p) != 01))

also results in a failure, since the next check of p expects p to be "0xff".

Fix:
Adding an increment before the check:

    const unsigned char *p;
    p=from;
    p++; //NEW
    if ((num != (flen+1)) || (*(p++) != 01))

fixes the problem.

Question:
What does the first part of the check check exactly?
I.e.:

    num != (flen+1)

num being rsa_size and flen the length of the buffer where the message is
stored.

Thanks

Dipl.-Inf T. Jonas Özgan
Cyber Analysis & Defense Department
Fraunhofer Institute for Communication, Information Processing and Ergonomics
(FKIE)
Fraunhoferstr. 20 | 53343 Wachtberg | Germany
Tel: +49 228 9435-513 | Fax +49 228 9435-685
http://www.fkie.fraunhofer.de
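
Added example, not part of the original message and not OpenSSL source: a stand-alone C model of the condition quoted above, run against a constructed 32-octet block, showing which (from, flen, num) combinations satisfy `num != (flen+1)` together with the block-type test. The names `check_type1_model` and `run_case`, the block size and the payload are assumptions made for illustration; the 0x00 separator and the 8-octet minimum padding follow the PKCS#1 v1.5 block layout.

```c
#include <stdio.h>
#include <string.h>

/* Model of the check quoted in the report (not OpenSSL source).
 * from/flen: padded block as handed to the check; num: RSA modulus size.
 * Returns the payload length, or -1 on any padding error. */
static int check_type1_model(unsigned char *to, int tlen,
                             const unsigned char *from, int flen, int num)
{
    const unsigned char *p = from;
    int i, j;
    /* Quoted condition: flen must equal num - 1 and from[0] must be 01. */
    if (flen < 1 || num != flen + 1 || *(p++) != 0x01)
        return -1;
    j = flen - 1;                       /* octets left after the type */
    for (i = 0; i < j && *p == 0xff; i++)
        p++;                            /* skip the 0xff padding string */
    if (i == j || *p != 0x00 || i < 8)  /* no separator, bad pad, PS < 8 */
        return -1;
    p++;                                /* skip the 0x00 separator */
    j -= i + 1;
    if (j > tlen)
        return -1;
    memcpy(to, p, (size_t)j);
    return j;
}

/* Constructed sample: EM = 00 || 01 || FF..FF || 00 || "hello", num = 32. */
static int run_case(int skip_leading_zero)
{
    enum { NUM = 32 };
    unsigned char em[NUM], out[NUM] = {0};
    const char *msg = "hello";
    int mlen = (int)strlen(msg), n;

    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, (size_t)(NUM - 3 - mlen));
    em[NUM - mlen - 1] = 0x00;
    memcpy(em + NUM - mlen, msg, (size_t)mlen);
    n = skip_leading_zero ? check_type1_model(out, NUM, em + 1, NUM - 1, NUM)
                          : check_type1_model(out, NUM, em, NUM, NUM);
    return (n == mlen && memcmp(out, msg, (size_t)mlen) == 0) ? n : -1;
}

int main(void)
{
    printf("full block (flen == num):     %d\n", run_case(0));
    printf("leading 00 dropped (num - 1): %d\n", run_case(1));
    return 0;
}
```

In this model the full 32-octet block is rejected and the same block passed from its second octet with flen = num - 1 is accepted, so the quoted condition only holds for input that is one octet shorter than the modulus and begins with the block type.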