Preserve old behavior by checking public key in RSA parsing function

The function `pk_get_rsapubkey` originally performed some basic
sanity checks (e.g. on the size of public exponent) on the parsed
RSA public key by a call to `mbedtls_rsa_check_pubkey`.
This check was dropped because it is not possible to thoroughly
check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ).

Still, for the sake of not silently changing existing behavior,
this commit puts back the call to `mbedtls_rsa_check_pubkey`.
This commit is contained in:
Hanno Becker 2018-01-05 08:08:09 +00:00
parent efeef6cf03
commit 895c5ab88e

View file

@ -543,8 +543,11 @@ static int pk_get_rsapubkey( unsigned char **p,
*p += len;
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
if( mbedtls_rsa_complete( rsa ) != 0 ||
mbedtls_rsa_check_pubkey( rsa ) != 0 )
{
return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
}
if( *p != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY +