authorNiels Möller <nisse@lysator.liu.se>2021-06-08 21:32:38 +0200
committerNiels Möller <nisse@lysator.liu.se>2021-06-08 21:32:38 +0200
commitc80961c646b0962ab152619ac0a7c6a21850a380 (patch)
tree5630616bfb4ceb3704e329aa6a8afdf37b10f546 /rsa-decrypt.c
parentcd6059aebdd3059fbcf674dddb850b821c13b6c2 (diff)
downloadnettle-c80961c646b0962ab152619ac0a7c6a21850a380.tar.gz
Add input check to rsa_decrypt family of functions.
(cherry picked from commit 0ad0b5df315665250dfdaa4a1e087f4799edaefe)
Diffstat (limited to 'rsa-decrypt.c')
-rw-r--r--rsa-decrypt.c10
1 files changed, 10 insertions, 0 deletions
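--- a/rsa-decrypt.c
+++ b/rsa-decrypt.c
@@ -48,6 +48,16 @@ rsa_decrypt(const struct rsa_private_key *key,
 int res;
 mpz_init(m);
+
+ /* First check that input is in range. Since we don't have the
+ public key available here, we need to reconstruct n. */
+ mpz_mul (m, key->p, key->q);
+ if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, m) >= 0)
+ {
+ mpz_clear (m);
+ return 0;
+ }
+
 rsa_compute_root(key, m, gibberish);
 res = pkcs1_decrypt (key->size, m, length, message);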
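Review bot: The early `return 0` in the new range check takes a different path than a padding failure inside pkcs1_decrypt, so the function's timing now depends on whether `gibberish` lies in [0, n); both the ciphertext and n are public values, so no key material is exposed, but the comment should record that reasoning, e.g. `/* Rejecting out-of-range input early only reveals facts about public data (ciphertext and n). */`. The range check also overlaps with the comment's wording: `m` is used as scratch space for n and then overwritten by rsa_compute_root, which is worth a word in the comment so nobody later tries to reuse `m` as the modulus. It would also help callers to state in rsa_decrypt's header documentation that an out-of-range ciphertext is rejected with return value 0, presumably the same value pkcs1_decrypt returns on a padding failure, so the two cases are indistinguishable to the caller. rsa_decrypt's body continues after the hunk (the mpz_clear and return of res are outside it).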