sshrsa.c now obeys the RFC793 Robustness Principle when it comes to
the ordering of the primes in a fully specified RSA private key: when the key format typically has p > q, it will always output p > q but be willing to tolerate p < q on input. (Inspired by seeing an OpenSSH-format key file in the wild which had p < q, which I've never seen before; I suspect a third-party application incautiously generating the format.) [originally from svn r8201]
This commit is contained in:
parent
c26dbd0337
commit
a59c4e9486
21
sshrsa.c
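--- a/sshrsa.c
+++ b/sshrsa.c
@@ -352,9 +352,20 @@ int rsa_verify(struct RSAKey *key)
 
 /*
 * Ensure p > q.
+*
+* I have seen key blobs in the wild which were generated with
+* p < q, so instead of rejecting the key in this case we
+* should instead flip them round into the canonical order of
+* p > q. This also involves regenerating iqmp.
 */
-if (bignum_cmp(key->p, key->q) <= 0)
-return 0;
+if (bignum_cmp(key->p, key->q) <= 0) {
+Bignum tmp = key->p;
+key->p = key->q;
+key->q = tmp;
+
+freebn(key->iqmp);
+key->iqmp = modinv(key->q, key->p);
+}
 
 /*
 * Ensure iqmp * q is congruent to 1, modulo p.
@@ -419,6 +430,12 @@ void freersakey(struct RSAKey *key)
 freebn(key->exponent);
 if (key->private_exponent)
 freebn(key->private_exponent);
+if (key->p)
+freebn(key->p);
+if (key->q)
+freebn(key->q);
+if (key->iqmp)
+freebn(key->iqmp);
 if (key->comment)
 sfree(key->comment);
 }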
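Review bot: The swap block in the first hunk still admits p == q, because the test is `<= 0`: in that case the exchange is a no-op and `modinv(key->q, key->p)` is asked for the inverse of 0 modulo p, and whether modinv tolerates a non-invertible argument coming from a malformed key is not visible here. Rejecting equality explicitly before the swap, `if (bignum_cmp(key->p, key->q) == 0) return 0;`, keeps the rest of the function working on a pair that can actually have an inverse. Relatedly, `freebn(key->iqmp)` in the same block is unguarded while the second hunk guards every `freebn` in freersakey with a NULL test, so either iqmp is guaranteed non-NULL by the time rsa_verify runs (worth a one-line comment saying so) or the same guard is needed here. rsa_verify's body continues outside the hunk, so the later "iqmp * q is congruent to 1" check can catch a wrong iqmp but not a failure inside modinv itself.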