mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Fix assertion failure in rsa_verify.
If a malformed private key (received through any channel, whether loaded from a disk file or over the wire by Pageant) specifies either of the modulus's prime factors p or q as 1, then when rsa_verify tries to check that e*d is congruent to 1 mod (p-1) and mod (q-1), that check will involve a division by zero, which in this context means failing an assertion in mp_divmod. We were already doing a preliminary check that neither of p and q was actually zero. Now that check is strengthened to check that p-1 and q-1 are not zero either.
This commit is contained in:
parent
5f204d1ef1
commit
4b8aad76f8
7
sshrsa.c
7
sshrsa.c
@ -296,8 +296,11 @@ bool rsa_verify(RSAKey *key)
|
|||||||
mp_int *n, *ed, *pm1, *qm1;
|
mp_int *n, *ed, *pm1, *qm1;
|
||||||
unsigned ok = 1;
|
unsigned ok = 1;
|
||||||
|
|
||||||
/* Preliminary checks: p,q must actually be nonzero. */
|
/* Preliminary checks: p,q can't be 0 or 1. (Of course no other
|
||||||
if (mp_eq_integer(key->p, 0) | mp_eq_integer(key->q, 0))
|
* very small value is any good either, but these are the values
|
||||||
|
* we _must_ check for to avoid assertion failures further down
|
||||||
|
* this function.) */
|
||||||
|
if (!(mp_hs_integer(key->p, 2) & mp_hs_integer(key->q, 2)))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
/* n must equal pq. */
|
/* n must equal pq. */
|
||||||
|
Loading…
Reference in New Issue
Block a user