Catch bad private keys early on.

author Simo Sorce <simo@redhat.com>

Thu, 8 Nov 2018 16:27:05 +0000 (11:27 -0500)

committer Niels Möller <nisse@lysator.liu.se>

Sun, 25 Nov 2018 15:58:55 +0000 (16:58 +0100)
author Simo Sorce <simo@redhat.com>
Thu, 8 Nov 2018 16:27:05 +0000 (11:27 -0500)
committer Niels Möller <nisse@lysator.liu.se>
Sun, 25 Nov 2018 15:58:55 +0000 (16:58 +0100)
diff --git a/rsa-sign.c b/rsa-sign.c

index 48323527dfadad4848170456050c841d8f2f139a..332420fe2b01b0e7cd2c17726d2b6eac31486a6d 100644 (file)
--- a/rsa-sign.c
+++ b/rsa-sign.c
@@ -69,7 +69,13 @@ int
  rsa_private_key_prepare(struct rsa_private_key *key)
  {
    mpz_t n;
-  
+
+  /* A key is invalid if the sizes of q and c are smaller than
+   * the size of n, we rely on that property in calculations so
+   * fail early if that happens. */
+  if (mpz_size (key->q) + mpz_size (key->c) < mpz_size(key->p))
+    return 0;
+
    /* The size of the product is the sum of the sizes of the factors,
     * or sometimes one less. It's possible but tricky to compute the
     * size without computing the full product. */
@@ -80,7 +86,7 @@ rsa_private_key_prepare(struct rsa_private_key *key)
    key->size = _rsa_check_size(n);
  
    mpz_clear(n);
-  
+
    return (key->size > 0);
  }
author	Simo Sorce <simo@redhat.com>
	Thu, 8 Nov 2018 16:27:05 +0000 (11:27 -0500)
committer	Niels Möller <nisse@lysator.liu.se>
	Sun, 25 Nov 2018 15:58:55 +0000 (16:58 +0100)