diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-01-03 23:43:23 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-01-03 23:43:23 +0100 |
commit | 6ac8d8cc687a4b665f146f3ebc8977e6c41d58df (patch) | |
tree | 41f29708fb89cd0437c52c8159ac8ef8a7edb80b | |
parent | cd6fef8507a7af16da1b4aa9150f8c6989404aa6 (diff) | |
download | gnutls-6ac8d8cc687a4b665f146f3ebc8977e6c41d58df.tar.gz |
added checks on decryption and verification.
-rw-r--r-- | lib/nettle/pk.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 7a8833f7d5..0a26356374 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -312,6 +312,12 @@ _wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo, { struct rsa_private_key priv; bigint_t c, ri, nc; + + if (ciphertext->size != nettle_mpz_sizeinbase_256_u(TOMPZ (pk_params->params[0]))) + { + gnutls_assert (); + return GNUTLS_E_DECRYPTION_FAILED; + } if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0) { @@ -627,12 +633,18 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, { bigint_t hash; + if (signature->size != nettle_mpz_sizeinbase_256_u(TOMPZ (pk_params->params[0]))) + { + gnutls_assert (); + return GNUTLS_E_PK_SIG_VERIFY_FAILED; + } + if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; } - + ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size); if (ret < 0) { |