Add size check for RSA modulus to mbedtls_rsa_complete
The function `mbedtls_rsa_complete` is supposed to guarantee that RSA operations will complete without failure. In contrast, it does not ensure consistency of parameters, which is the task of the checking functions `rsa_check_pubkey` and `rsa_check_privkey`. Previously, the maximum allowed size of the RSA modulus was checked in `mbedtls_rsa_check_pubkey`. However, exceeding this size would lead to failure of some RSA operations, hence this check belongs to `mbedtls_rsa_complete` rather than `mbedtls_rsa_check_pubkey`. This commit moves it accordingly.
This commit is contained in:
parent
895c5ab88e
commit
3a760a1857
1 changed files with 5 additions and 3 deletions
|
@ -146,8 +146,11 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
|
|||
((void) blinding_needed);
|
||||
#endif
|
||||
|
||||
if( ctx->len != mbedtls_mpi_size( &ctx->N ) )
|
||||
if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
|
||||
ctx->len > MBEDTLS_MPI_MAX_SIZE )
|
||||
{
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
/*
|
||||
* 1. Modular exponentiation needs positive, odd moduli.
|
||||
|
@ -573,8 +576,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
|||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||
|
||||
if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ||
|
||||
mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS )
|
||||
if( mbedtls_mpi_bitlen( &ctx->N ) < 128 )
|
||||
{
|
||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue