From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 25 Jul 2013 17:30:46 +0000 (+0100)
Subject: rsa.c: Replace the magic length 1024 with a (larger) constant.
X-Git-Tag: debian/0.3.0_beta2~40
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=commitdiff_plain;h=9941ae2e1f8bd7cb5771527b41d6a2032cd6580f;hp=2cd2cf055c0c424f60751f7ac4007771e377f262;ds=sidebyside

rsa.c: Replace the magic length 1024 with a (larger) constant.

While 15360-bit RSA keys are rather large, they're not completely beyond
the realms of possibility and it seems unreasonable to forbid
them.  (Specifically, 15360 is the length recommended by NIST for
256-bit security levels.)

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>
---

diff --git a/rsa.c b/rsa.c
index 0ca5d19..2db03c9 100644
--- a/rsa.c
+++ b/rsa.c
@@ -34,12 +34,18 @@ struct rsapub {
 };
 /* Sign data. NB data must be smaller than modulus */
 
+#define RSA_MAX_MODBYTES 2048
+/* The largest modulus I've seen is 15360 bits, which works out at 1920
+ * bytes.  Using keys this big is quite implausible, but it doesn't cost us
+ * much to support them.
+ */
+
 static const char *hexchars="0123456789abcdef";
 
 static void emsa_pkcs1(MP_INT *n, MP_INT *m,
 		       const uint8_t *data, int32_t datalen)
 {
-    char buff[2048];
+    char buff[2*RSA_MAX_MODBYTES + 1];
     int msize, i;
 
     /* RSA PKCS#1 v1.5 signature padding:
@@ -296,7 +302,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     /* Read the public key */
     keyfile_get_int(loc,f); /* Not sure what this is */
     length=(keyfile_get_short(loc,f)+7)/8;
-    if (length>1024) {
+    if (length>RSA_MAX_MODBYTES) {
 	cfgfatal(loc,"rsa-private","implausible length %ld for modulus\n",
 		 length);
     }
@@ -308,7 +314,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     read_mpbin(&st->n,b,length);
     free(b);
     length=(keyfile_get_short(loc,f)+7)/8;
-    if (length>1024) {
+    if (length>RSA_MAX_MODBYTES) {
 	cfgfatal(loc,"rsa-private","implausible length %ld for e\n",length);
     }
     b=safe_malloc(length,"rsapriv_apply");
@@ -339,7 +345,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
 
     /* Read d */
     length=(keyfile_get_short(loc,f)+7)/8;
-    if (length>1024) {
+    if (length>RSA_MAX_MODBYTES) {
 	cfgfatal(loc,"rsa-private","implausibly long (%ld) decryption key\n",
 		 length);
     }
@@ -353,7 +359,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     free(b);
     /* Read iqmp (inverse of q mod p) */
     length=(keyfile_get_short(loc,f)+7)/8;
-    if (length>1024) {
+    if (length>RSA_MAX_MODBYTES) {
 	cfgfatal(loc,"rsa-private","implausibly long (%ld)"
 		 " iqmp auxiliary value\n", length);
     }
@@ -367,7 +373,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     free(b);
     /* Read q (the smaller of the two primes) */
     length=(keyfile_get_short(loc,f)+7)/8;
-    if (length>1024) {
+    if (length>RSA_MAX_MODBYTES) {
 	cfgfatal(loc,"rsa-private","implausibly long (%ld) q value\n",
 		 length);
     }
@@ -381,7 +387,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     free(b);
     /* Read p (the larger of the two primes) */
     length=(keyfile_get_short(loc,f)+7)/8;
-    if (length>1024) {
+    if (length>RSA_MAX_MODBYTES) {
 	cfgfatal(loc,"rsa-private","implausibly long (%ld) p value\n",
 		 length);
     }