diff options
| author | Bodo Möller <bodo@openssl.org> | 2001-07-25 17:02:58 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2001-07-25 17:02:58 +0000 |
| commit | 24cff6ced5813a4d4014ed86828fba4e326d5868 (patch) | |
| tree | e5a919dee075921bb96c8ca86f7fa9697e1cea63 /crypto/rsa/rsa_eay.c | |
| parent | ac7b42610f0e70f81e9273e4b97d2828fb69bc7b (diff) | |
always reject data >= n
Diffstat (limited to 'crypto/rsa/rsa_eay.c')
| -rw-r--r-- | crypto/rsa/rsa_eay.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index f325050c1c..d61e72401f 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -79,8 +79,8 @@ static int RSA_eay_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_eay_meth={ "Eric Young's PKCS#1 RSA", RSA_eay_public_encrypt, - RSA_eay_public_decrypt, - RSA_eay_private_encrypt, + RSA_eay_public_decrypt, /* signature verification */ + RSA_eay_private_encrypt, /* signing */ RSA_eay_private_decrypt, RSA_eay_mod_exp, BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ @@ -139,6 +139,13 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, if (BN_bin2bn(buf,num,&f) == NULL) goto err; + if (BN_ucmp(&f, rsa->n) >= 0) + { + /* usually the padding functions would catch this */ + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { BN_MONT_CTX* bn_mont_ctx; @@ -186,6 +193,7 @@ err: return(r); } +/* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -223,6 +231,13 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (i <= 0) goto err; if (BN_bin2bn(buf,num,&f) == NULL) goto err; + + if (BN_ucmp(&f, rsa->n) >= 0) + { + /* usually the padding functions would catch this */ + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); @@ -299,6 +314,12 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, /* make data into a big number */ if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; + if (BN_ucmp(&f, rsa->n) >= 0) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); if (rsa->flags & RSA_FLAG_BLINDING) @@ -359,6 +380,7 @@ err: return(r); } +/* signature verification */ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -392,6 +414,13 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, } if (BN_bin2bn(from,flen,&f) == NULL) goto err; + + if (BN_ucmp(&f, rsa->n) >= 0) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + /* do the decrypt */ if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { |