author | Niels Möller <nisse@lysator.liu.se> | 2021-06-08 21:32:38 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2021-06-08 21:32:38 +0200 |
commit | c80961c646b0962ab152619ac0a7c6a21850a380 (patch) | |
tree | 5630616bfb4ceb3704e329aa6a8afdf37b10f546 /rsa-decrypt.c | |
parent | cd6059aebdd3059fbcf674dddb850b821c13b6c2 (diff) | |
Add input check to rsa_decrypt family of functions.
(cherry picked from commit 0ad0b5df315665250dfdaa4a1e087f4799edaefe)
Diffstat (limited to 'rsa-decrypt.c')
-rw-r--r-- | rsa-decrypt.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/rsa-decrypt.c b/rsa-decrypt.c
index 7681439d..540d8baa 100644
--- a/rsa-decrypt.c
+++ b/rsa-decrypt.c
@@ -48,6 +48,16 @@ rsa_decrypt(const struct rsa_private_key *key,
 int res;
 mpz_init(m);
+
+ /* First check that input is in range. Since we don't have the
+ public key available here, we need to reconstruct n. */
+ mpz_mul (m, key->p, key->q);
+ if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, m) >= 0)
+ {
+ mpz_clear (m);
+ return 0;
+ }
+
 rsa_compute_root(key, m, gibberish);
 res = pkcs1_decrypt (key->size, m, length, message); |
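Review bot: The comment above the new `mpz_mul` explains how n is obtained but not why the range test is needed, so a later cleanup could mistake it for a duplicate of the padding check in `pkcs1_decrypt`. I would state the requirement directly, e.g. `/* RSADP (RFC 8017, 5.1.2) requires 0 <= c < n; reject anything else before the private-key operation. */`. The comment should also say that the rejection returns 0, the same value the visible code would return for a failed `pkcs1_decrypt` (presumably its padding failure), so callers cannot tell the two cases apart by return value. The title speaks of the rsa_decrypt family, but this view is limited to rsa-decrypt.c, so it is worth confirming that the sibling entry points carry the same guard. The body of `rsa_decrypt` starts and ends outside the hunk.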