mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
rsa_verify: fix assertion if p,q are different lengths.
The mp_cond_swap that sorts the key's factors into p>q order only works if the mp_int representations of p and q have the same nw. It's unusual but by no means illegal for an RSA key to be the product of wildly different-length primes, so we should cope. Now we sort p and q by using mp_min and mp_max.
This commit is contained in:
parent
d4ad7272fd
commit
9e6669d30a
9
sshrsa.c
9
sshrsa.c
@ -328,9 +328,12 @@ bool rsa_verify(RSAKey *key)
|
||||
* should instead flip them round into the canonical order of
|
||||
* p > q. This also involves regenerating iqmp.
|
||||
*/
|
||||
unsigned swap_pq = mp_cmp_hs(key->q, key->p);
|
||||
mp_cond_swap(key->p, key->q, swap_pq);
|
||||
mp_free(key->iqmp);
|
||||
mp_int *p_new = mp_max(key->p, key->q);
|
||||
mp_int *q_new = mp_min(key->p, key->q);
|
||||
mp_free(key->p);
|
||||
mp_free(key->q);
|
||||
key->p = p_new;
|
||||
key->q = q_new;
|
||||
key->iqmp = mp_invert(key->q, key->p);
|
||||
|
||||
return ok;
|
||||
|
Loading…
Reference in New Issue
Block a user