Dmitry Baryshkov / nettle
Commit 5eb30d94, authored Jul 31, 2016 by Niels Möller
Reject invalid RSA keys with even modulo.
Parent: b721591c
Changes: 3
ChangeLog
2016-07-31 Niels Möller <nisse@lysator.liu.se>
* rsa.c (_rsa_check_size): Check that n is odd. Otherwise, using
an invalid key may crash in mpz_powm_sec. Problem reported by
Hanno Böck.
2016-07-13 Niels Möller <nisse@lysator.liu.se>
* bignum.c (nettle_mpz_from_octets): Unconditionally use
...
...
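Review bot: The new ChangeLog entry lists only rsa.c (_rsa_check_size), while this commit changes 3 files, including testsuite/rsa-test.c. Add a line for the test as well, for example `* testsuite/rsa-test.c (test_main): Test rejection of keys with even modulo.`, so the regression test is recorded alongside the fix.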
rsa.c
...
...
@@ -58,13 +58,18 @@ rsa_public_key_clear(struct rsa_public_key *key)
}
/* Computes the size, in octets, of a the modulo. Returns 0 if the
* modulo is too small to be useful. */
* modulo is too small to be useful, or otherwise appears invalid. */
size_t
_rsa_check_size
(
mpz_t
n
)
{
/* Round upwards */
size_t
size
=
(
mpz_sizeinbase
(
n
,
2
)
+
7
)
/
8
;
size_t
size
;
/* Even moduli are invalid, and not supported by mpz_powm_sec. */
if
(
mpz_even_p
(
n
))
return
0
;
size
=
(
mpz_sizeinbase
(
n
,
2
)
+
7
)
/
8
;
if
(
size
<
RSA_MINIMUM_N_OCTETS
)
return
0
;
...
...
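Review bot: In _rsa_check_size, the two checks visible here (mpz_even_p(n) and the comparison against RSA_MINIMUM_N_OCTETS) both pass for a negative odd n, because mpz_sizeinbase ignores the sign of its operand. If callers do not already guarantee n > 0, consider rejecting mpz_sgn(n) <= 0 in the same place as the evenness check. Separately, the unchanged `/* Round upwards */` comment now sits above the bare declaration `size_t size;` instead of the rounding expression; moving it down to the `size = (mpz_sizeinbase(n, 2) + 7) / 8;` assignment keeps it accurate. The header comment could also state that "appears invalid" currently means an even modulo, and the "of a the modulo" wording in its first line could be fixed while it is being touched.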
testsuite/rsa-test.c
...
...
@@ -57,6 +57,13 @@ test_main(void)
test_rsa_sha512
(
&
pub
,
&
key
,
expected
);
/* Test detection of invalid keys with even modulo */
mpz_clrbit
(
pub
.
n
,
0
);
ASSERT
(
!
rsa_public_key_prepare
(
&
pub
));
mpz_clrbit
(
key
.
p
,
0
);
ASSERT
(
!
rsa_private_key_prepare
(
&
key
));
/* 777-bit key, generated by
*
* lsh-keygen -a rsa -l 777 -f advanced-hex
...
...
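Review bot: In test_main, the private-key case only clears bit 0 of key.p, so a key with an even key.q is never exercised; add a matching assertion for q, with p restored first, so both factors are covered. The rsa.c hunk in this commit shows the evenness check applied to n in _rsa_check_size, so the `ASSERT(!rsa_private_key_prepare(&key));` line relies on rsa_private_key_prepare reaching that check with a modulus derived from p; a one-line comment saying so would make the intent clear. Both mpz_clrbit calls also leave pub and key deliberately corrupted, which is worth stating in the test comment if the 777-bit test that follows does not reinitialize them.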