While 15360-bit RSA keys are rather large, they're not completely beyond
the realms of possibility and it seems unreasonable to forbid
them. (Specifically, 15360 is the length recommended by NIST for
256-bit security levels.)
Signed-off-by: Mark Wooding <mdw@distorted.org.uk>
};
/* Sign data. NB data must be smaller than modulus */
};
/* Sign data. NB data must be smaller than modulus */
+#define RSA_MAX_MODBYTES 2048
+/* The largest modulus I've seen is 15360 bits, which works out at 1920
+ * bytes. Using keys this big is quite implausible, but it doesn't cost us
+ * much to support them.
+ */
+
static const char *hexchars="0123456789abcdef";
static void emsa_pkcs1(MP_INT *n, MP_INT *m,
const uint8_t *data, int32_t datalen)
{
static const char *hexchars="0123456789abcdef";
static void emsa_pkcs1(MP_INT *n, MP_INT *m,
const uint8_t *data, int32_t datalen)
{
+ char buff[2*RSA_MAX_MODBYTES + 1];
int msize, i;
/* RSA PKCS#1 v1.5 signature padding:
int msize, i;
/* RSA PKCS#1 v1.5 signature padding:
/* Read the public key */
keyfile_get_int(loc,f); /* Not sure what this is */
length=(keyfile_get_short(loc,f)+7)/8;
/* Read the public key */
keyfile_get_int(loc,f); /* Not sure what this is */
length=(keyfile_get_short(loc,f)+7)/8;
+ if (length>RSA_MAX_MODBYTES) {
cfgfatal(loc,"rsa-private","implausible length %ld for modulus\n",
length);
}
cfgfatal(loc,"rsa-private","implausible length %ld for modulus\n",
length);
}
read_mpbin(&st->n,b,length);
free(b);
length=(keyfile_get_short(loc,f)+7)/8;
read_mpbin(&st->n,b,length);
free(b);
length=(keyfile_get_short(loc,f)+7)/8;
+ if (length>RSA_MAX_MODBYTES) {
cfgfatal(loc,"rsa-private","implausible length %ld for e\n",length);
}
b=safe_malloc(length,"rsapriv_apply");
cfgfatal(loc,"rsa-private","implausible length %ld for e\n",length);
}
b=safe_malloc(length,"rsapriv_apply");
/* Read d */
length=(keyfile_get_short(loc,f)+7)/8;
/* Read d */
length=(keyfile_get_short(loc,f)+7)/8;
+ if (length>RSA_MAX_MODBYTES) {
cfgfatal(loc,"rsa-private","implausibly long (%ld) decryption key\n",
length);
}
cfgfatal(loc,"rsa-private","implausibly long (%ld) decryption key\n",
length);
}
free(b);
/* Read iqmp (inverse of q mod p) */
length=(keyfile_get_short(loc,f)+7)/8;
free(b);
/* Read iqmp (inverse of q mod p) */
length=(keyfile_get_short(loc,f)+7)/8;
+ if (length>RSA_MAX_MODBYTES) {
cfgfatal(loc,"rsa-private","implausibly long (%ld)"
" iqmp auxiliary value\n", length);
}
cfgfatal(loc,"rsa-private","implausibly long (%ld)"
" iqmp auxiliary value\n", length);
}
free(b);
/* Read q (the smaller of the two primes) */
length=(keyfile_get_short(loc,f)+7)/8;
free(b);
/* Read q (the smaller of the two primes) */
length=(keyfile_get_short(loc,f)+7)/8;
+ if (length>RSA_MAX_MODBYTES) {
cfgfatal(loc,"rsa-private","implausibly long (%ld) q value\n",
length);
}
cfgfatal(loc,"rsa-private","implausibly long (%ld) q value\n",
length);
}
free(b);
/* Read p (the larger of the two primes) */
length=(keyfile_get_short(loc,f)+7)/8;
free(b);
/* Read p (the larger of the two primes) */
length=(keyfile_get_short(loc,f)+7)/8;
+ if (length>RSA_MAX_MODBYTES) {
cfgfatal(loc,"rsa-private","implausibly long (%ld) p value\n",
length);
}
cfgfatal(loc,"rsa-private","implausibly long (%ld) p value\n",
length);
}
~ian / secnet.git / commitdiff