lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Preserve old behavior by checking public key in RSA parsing function

Browse Source 
The function `pk_get_rsapubkey` originally performed some basic
sanity checks (e.g. on the size of public exponent) on the parsed
RSA public key by a call to `mbedtls_rsa_check_pubkey`.
This check was dropped because it is not possible to thoroughly
check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ).

Still, for the sake of not silently changing existing behavior,
this commit puts back the call to `mbedtls_rsa_check_pubkey`.
This commit is contained in:
Hanno Becker
2018-01-05 08:08:09 +00:00
parent efeef6cf03
commit 895c5ab88e
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
library/pkparse.c
View File

@ -543,8 +543,11 @@ static int pk_get_rsapubkey( unsigned char **p,
*p += len; *p += len;
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) if( mbedtls_rsa_complete( rsa ) != 0 ||
mbedtls_rsa_check_pubkey( rsa ) != 0 )
{
return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
}
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + return( MBEDTLS_ERR_PK_INVALID_PUBKEY +