diff options
author | Ryan Sleevi <ryan.sleevi@gmail.com> | 2014-05-30 18:51:15 -0700 |
---|---|---|
committer | Ryan Sleevi <ryan.sleevi@gmail.com> | 2014-05-30 18:51:15 -0700 |
commit | d98464c455f63857bdae5ba32c8619bd3e23f870 (patch) | |
tree | 6f6754963b3c5b999cf7e298c0a074312da4e0a9 | |
parent | da6e500a44f515c5d64b8465abae8042b8834801 (diff) | |
download | nss-hg-d98464c455f63857bdae5ba32c8619bd3e23f870.tar.gz |
Bug 1016836 - Make RSA_PrivateKeyCheck robust against 'bad' (empty) parameters.
r=rrelyea
-rw-r--r-- | lib/freebl/rsa.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c index 8a9a11217..837e1b360 100644 --- a/lib/freebl/rsa.c +++ b/lib/freebl/rsa.c @@ -1406,6 +1406,17 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) CHECK_MPI_OK( mp_init(&d_q) ); CHECK_MPI_OK( mp_init(&qInv) ); CHECK_MPI_OK( mp_init(&res) ); + + if (!key->modulus.data || !key->prime1.data || !key->prime2.data || + !key->publicExponent.data || !key->privateExponent.data || + !key->exponent1.data || !key->exponent2.data || + !key->coefficient.data) { + /*call RSA_PopulatePrivateKey first, if the application wishes to + * recover these parameters */ + err = MP_BADARG; + goto cleanup; + } + SECITEM_TO_MPINT(key->modulus, &n); SECITEM_TO_MPINT(key->prime1, &p); SECITEM_TO_MPINT(key->prime2, &q); @@ -1458,27 +1469,19 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) ); VERIFY_MPI_EQUAL_1(&res); /* - * The following errors can be recovered from. + * The following errors can be recovered from. However, the purpose of this + * function is to check consistency, so they are not. */ /* d_p == d mod p-1 */ CHECK_MPI_OK( mp_mod(&d, &psub1, &res) ); - if (mp_cmp(&d_p, &res) != 0) { - /* swap in the correct value */ - CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent1) ); - } + VERIFY_MPI_EQUAL(&res, &d_p); /* d_q == d mod q-1 */ CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) ); - if (mp_cmp(&d_q, &res) != 0) { - /* swap in the correct value */ - CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent2) ); - } + VERIFY_MPI_EQUAL(&res, &d_q); /* q * q**-1 == 1 mod p */ CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) ); - if (mp_cmp_d(&res, 1) != 0) { - /* compute the correct value */ - CHECK_MPI_OK( mp_invmod(&q, &p, &qInv) ); - CHECK_SEC_OK( swap_in_key_value(key->arena, &qInv, &key->coefficient) ); - } + VERIFY_MPI_EQUAL_1(&res); + cleanup: mp_clear(&n); mp_clear(&p); |