From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 25 Jul 2013 17:30:46 +0000 (+0100)
Subject: rsa.c: Check public key length.
X-Git-Tag: debian/0.3.0_beta2~39
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=commitdiff_plain;h=f15aefe4e0bb264fc1ceac17c7bbe1a534d190c9;hp=9941ae2e1f8bd7cb5771527b41d6a2032cd6580f

rsa.c: Check public key length.

The private key is checked quite carefully -- even to a fault -- for
being sensibly sized, but the corresponding function for public keys
appears to have no checking at all.  This is a shame since message-
representative construction assumes that the message representative will
fit in a fixed-size buffer.

Fix this situation by checking public key sizes in `rsapub_apply'.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/rsa.c b/rsa.c
index 2db03c9..f7dd69d 100644
--- a/rsa.c
+++ b/rsa.c
@@ -199,6 +199,9 @@ static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
     } else {
 	cfgfatal(loc,"rsa-public","you must provide an encryption key\n");
     }
+    if (mpz_sizeinbase(&st->e, 256) > RSA_MAX_MODBYTES) {
+	cfgfatal(loc, "rsa-public", "implausibly large public exponent\n");
+    }
     
     i=list_elem(args,1);
     if (i) {
@@ -213,6 +216,9 @@ static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
     } else {
 	cfgfatal(loc,"rsa-public","you must provide a modulus\n");
     }
+    if (mpz_sizeinbase(&st->n, 256) > RSA_MAX_MODBYTES) {
+	cfgfatal(loc, "rsa-public", "implausibly large modulus\n");
+    }
     return new_closure(&st->cl);
 }