
sshrsa.c now obeys the RFC793 Robustness Principle when it comes to

the ordering of the primes in a fully specified RSA private key:
when the key format typically has p > q, it will always output p > q
but be willing to tolerate p < q on input. (Inspired by seeing an
OpenSSH-format key file in the wild which had p < q, which I've
never seen before; I suspect a third-party application incautiously
generating the format.)

[originally from svn r8201]
Simon Tatham 2008-10-07 17:48:59 +00:00
parent c26dbd0337
commit a59c4e9486


@ -352,9 +352,20 @@ int rsa_verify(struct RSAKey *key)
/*
* Ensure p > q.
*
* I have seen key blobs in the wild which were generated with
* p < q, so instead of rejecting the key in this case we
* should instead flip them round into the canonical order of
* p > q. This also involves regenerating iqmp.
*/
if (bignum_cmp(key->p, key->q) <= 0)
return 0;
if (bignum_cmp(key->p, key->q) <= 0) {
Bignum tmp = key->p;
key->p = key->q;
key->q = tmp;
freebn(key->iqmp);
key->iqmp = modinv(key->q, key->p);
}
/*
* Ensure iqmp * q is congruent to 1, modulo p.
@ -419,6 +430,12 @@ void freersakey(struct RSAKey *key)
freebn(key->exponent);
if (key->private_exponent)
freebn(key->private_exponent);
if (key->p)
freebn(key->p);
if (key->q)
freebn(key->q);
if (key->iqmp)
freebn(key->iqmp);
if (key->comment)
sfree(key->comment);
}
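Review bot: In the rsa_verify hunk the swap condition is still `bignum_cmp(key->p, key->q) <= 0`, so a key with p == q, which the old code rejected with `return 0`, now enters the swap branch and reaches `modinv(key->q, key->p)` with a value that has no inverse modulo p. The key blob is read from a file and should be treated as untrusted; how modinv behaves on a non-invertible input is not visible here, and its result is stored in key->iqmp without any check. I would keep rejecting equality and swap only on strict less-than, for example `int cmp = bignum_cmp(key->p, key->q);`, `if (cmp == 0) return 0;`, `if (cmp < 0) {` for the swap, and return 0 from the branch if modinv is able to report failure. rsa_verify starts and ends outside the hunk, so it is only partly visible whether the following iqmp congruence check would catch a bad value.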