8000 cleanup RSA PKCS#1 v1.5 signature verification (CVE-2021-30130) by terrafrost · Pull Request #1635 · phpseclib/phpseclib · GitHub
[go: up one dir, main page]
Skip to content

cleanup RSA PKCS#1 v1.5 signature verification (CVE-2021-30130) #1635

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Apr 6, 2021
Merged

cleanup RSA PKCS#1 v1.5 signature verification (CVE-2021-30130) #1635

merged 16 commits into from
Apr 6, 2021

Conversation

terrafrost
Copy link
Member

No description provided.

terrafrost added 16 commits April 2, 2021 11:00
@terrafrost terrafrost merged commit 05550b9 into phpseclib:1.0 Apr 6, 2021
sumityadav added a commit to sumityadav/security-advisories that referenced this pull request Apr 13, 2021
@sumityadav
Create CVE-2021-30130.yaml
ae07e18 
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-30130
phpseclib/phpseclib#1635
https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
@sumityadav sumityadav mentioned this pull request Apr 13, 2021
Merged
@MrPetovan
Copy link

Is this going to be fixed in the version 2.0 branch? We're using version 2.0.4 over at https://github.com/friendica/friendica-addons and I would prefer not have to either downgrade to version 2.0.31 or figure out if we can use version 3.0.7.

@MrPetovan MrPetovan mentioned this pull request Apr 26, 2021
Closed
@terrafrost
Copy link
Member Author
terrafrost commented Apr 26, 2021
edited
Loading

@MrPetovan :

First, the fix is in the 2.0 branch. The release that contains this has been tagged as 2.0.31, which is not a downgrade from 2.0.4 - it's an upgrade.

Second, the only vulnerabilities are in the 3.0 branch. Quoting the disclosure (which I can send to you if you'd like; I kinda wish the author would make it public but whatever):

In short, we have found 4 leniencies in phpseclib v3 (relaxed mode)'s RSA PKCS#1 v1.5 signature verification (2 vulnerabilities with Bleichenbacher-style low public exponent RSA Signature Forgery and 2 bugs causing interoperability issue [accepting invalid signature value that should have been rejected]). We have also found incompatibility issue in phpseclib v1, v2, v3 (strict mode)'s RSA PKCS#1 v1.5 signature verification suffering from rejecting valid signatures whose encoded message uses implicit hash algorithm's NULL parameter.

So to sum it up, there were five issues total.

  1. Two were vulnerabilities in v3.0 involving the new RSA::SIGNATURE_RELAXED_PKCS1 mode (which doesn't exist in 2.0)
  2. Two were bugs in v3.0 involving the new RSA::SIGNATURE_RELAXED_PKCS1 mode (which again, doesn't exist in 2.0)
  3. One was a bug in v1.0, v2.0 and v3.0.

In other words, v2.0 does not have a vulnerability, according to the original paper.

@MrPetovan
Copy link

Thank you so much for the answer, for some reason I read 2.0.31 as 2.0.3.1 which would have made it a downgrade from 2.0.4. Sorry about the confusion.

@hairmare hairmare mentioned this pull request Nov 7, 2021
Merged
@terrafrost
Copy link
Member Author

Altho phpseclib isn't mentioned in it, https://myweb.uiowa.edu/yahyazadeh/files/pkcs1v1_5-ndss19.pdf talks about the kinds of issues that this PR addresses. The reporter of these issues is one of the authors of that paper

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@terrafrost @MrPetovan
0