
rsa_verify: fix assertion if p,q are different lengths.

The mp_cond_swap that sorts the key's factors into p>q order only
works if the mp_int representations of p and q have the same nw. It's
unusual but by no means illegal for an RSA key to be the product of
wildly different-length primes, so we should cope. Now we sort p and q
by using mp_min and mp_max.
Simon Tatham 2019-01-29 20:03:10 +00:00
parent d4ad7272fd
commit 9e6669d30a


@ -328,9 +328,12 @@ bool rsa_verify(RSAKey *key)
* should instead flip them round into the canonical order of
* p > q. This also involves regenerating iqmp.
*/
unsigned swap_pq = mp_cmp_hs(key->q, key->p);
mp_cond_swap(key->p, key->q, swap_pq);
mp_free(key->iqmp);
mp_int *p_new = mp_max(key->p, key->q);
mp_int *q_new = mp_min(key->p, key->q);
mp_free(key->p);
mp_free(key->q);
key->p = p_new;
key->q = q_new;
key->iqmp = mp_invert(key->q, key->p);
return ok;
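Review bot: The previous `key->iqmp` may no longer be freed before `key->iqmp = mp_invert(key->q, key->p);` overwrites it. The +/- markers are lost on this page, but `mp_free(key->iqmp);` sits directly after the two `mp_cond_swap` lines and the hunk header's line counts suggest it is on the removed side. If so, the old inverse is leaked; since iqmp is private-key material, it would also remain in heap memory rather than being released through `mp_free`. Keep `mp_free(key->iqmp);` alongside `mp_free(key->p);` and `mp_free(key->q);`. A one-line comment above `mp_max` would also help, e.g. `/* p and q may have different nw, so mp_cond_swap cannot be used here */`, so nobody reverts to the in-place swap. rsa_verify's body begins outside the hunk, so whether equal p and q are rejected before `mp_invert` cannot be checked from here.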