Add size check for RSA modulus to mbedtls_rsa_complete

The function `mbedtls_rsa_complete` is supposed to guarantee that
RSA operations will complete without failure. In contrast, it does
not ensure consistency of parameters, which is the task of the
checking functions `rsa_check_pubkey` and `rsa_check_privkey`.

Previously, the maximum allowed size of the RSA modulus was checked
in `mbedtls_rsa_check_pubkey`. However, exceeding this size would lead
to failure of some RSA operations, hence this check belongs to
`mbedtls_rsa_complete` rather than `mbedtls_rsa_check_pubkey`.
This commit moves it accordingly.
This commit is contained in:
Hanno Becker 2018-01-05 08:14:49 +00:00
parent 895c5ab88e
commit 3a760a1857

View file

@ -146,8 +146,11 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
((void) blinding_needed);
#endif
if( ctx->len != mbedtls_mpi_size( &ctx->N ) )
if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
ctx->len > MBEDTLS_MPI_MAX_SIZE )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
/*
* 1. Modular exponentiation needs positive, odd moduli.
@ -573,8 +576,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ||
mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS )
if( mbedtls_mpi_bitlen( &ctx->N ) < 128 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}