From 998e6c3d87d35a8728b46985b2f7c220cec21963 Mon Sep 17 00:00:00 2001 Message-Id: <998e6c3d87d35a8728b46985b2f7c220cec21963.1716381800.git.mdw@distorted.org.uk> From: Mark Wooding Date: Thu, 26 May 2016 09:26:09 +0100 Subject: [PATCH] pub/bbs-gen.c, pub/rsa-gen.c: Fail if the generated key is the wrong length. Organization: Straylight/Edgeware From: Mark Wooding --- pub/bbs-gen.c | 3 +++ pub/rsa-gen.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/pub/bbs-gen.c b/pub/bbs-gen.c index 4796cf5c..fcba8288 100644 --- a/pub/bbs-gen.c +++ b/pub/bbs-gen.c @@ -102,11 +102,14 @@ int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n, /* --- Compute @n@ --- */ bp->n = mp_mul(MP_NEW, bp->p, bp->q); + if (mp_bits(bp->n) != nbits) goto fail_n; mp_drop(x); return (PGEN_DONE); /* --- Tidy up if things went wrong --- */ +fail_n: + mp_drop(bp->n); fail_q: mp_drop(bp->p); fail_p: diff --git a/pub/rsa-gen.c b/pub/rsa-gen.c index c12be18a..de97644c 100644 --- a/pub/rsa-gen.c +++ b/pub/rsa-gen.c @@ -158,6 +158,8 @@ int rsa_gen(rsa_priv *rp, unsigned nbits, grand *r, unsigned n, mp_gcd(&g.g, 0, &rp->d, phi, rp->e); if (!MP_EQ(g.g, MP_ONE) && MP_LEN(rp->d) * 4 > MP_LEN(rp->n) * 3) goto fail_e; + if (mp_bits(rp->n) != nbits) + goto fail_e; /* --- Work out exponent residues --- */ -- [mdw]