openpgp: Appease superfluous check in nettle wrapper.

- Make sure that the ciphertext is at least as large as the modulus. - Fixes #440.
author: Justus Winter <justus@sequoia-pgp.org> 2020-03-10 10:16:55 +0100
committer: Justus Winter <justus@sequoia-pgp.org> 2020-03-10 10:19:27 +0100
commit: 7b3d251025dfbe8c22be3e7456cae4af009d5696 (patch)
tree: 35f68001e7a58266a58255ef15334d0d9bb1afd2 /openpgp/src/crypto/asymmetric.rs
parent: 391a4b92c977cd64dfd131f3e29b0bc8d756d064 (diff)
1 files changed, 21 insertions, 2 deletions
diff --git a/openpgp/src/crypto/asymmetric.rs b/openpgp/src/crypto/asymmetric.rs
index 5948f71c..b39100e2 100644
--- a/openpgp/src/crypto/asymmetric.rs
+++ b/openpgp/src/crypto/asymmetric.rs
@@ -236,6 +236,25 @@ impl Decryptor for KeyPair {
             (PublicKey::RSA{ ref e, ref n },
              mpis::SecretKeyMaterial::RSA{ ref p, ref q, ref d, .. },
              mpis::Ciphertext::RSA{ ref c }) => {
+                // Workaround for #440:  Make sure c is of the same
+                // length as n.
+                // XXX: Remove once we depend on nettle > 7.0.0.
+                let c_ = if c.value().len() < n.value().len() {
+                    let mut c_ = vec![0; n.value().len() - c.value().len()];
+                    c_.extend_from_slice(c.value());
+                    Some(c_)
+                }  else {
+                    // If it is bigger, then the packet is likely
+                    // corrupted, tough luck then.
+                    None
+                };
+                let c = if let Some(c_) = c_.as_ref() {
+                    &c_[..]
+                } else {
+                    c.value()
+                };
+                // End of workaround.
+
                 let public = rsa::PublicKey::new(n.value(), e.value())?;
                 let secret = rsa::PrivateKey::new(d.value(), p.value(),
                                                   q.value(), Option::None)?;
@@ -243,11 +262,11 @@ impl Decryptor for KeyPair {
                 if let Some(l) = plaintext_len {
                     let mut plaintext: SessionKey = vec![0; l].into();
                     rsa::decrypt_pkcs1(&public, &secret, &mut rand,
-                                       c.value(), plaintext.as_mut())?;
+                                       c, plaintext.as_mut())?;
                     plaintext
                 } else {
                     rsa::decrypt_pkcs1_insecure(&public, &secret,
-                                                &mut rand, c.value())?
+                                                &mut rand, c)?
                     .into()
                 }
             }
author	Justus Winter <justus@sequoia-pgp.org>	2020-03-10 10:16:55 +0100
committer	Justus Winter <justus@sequoia-pgp.org>	2020-03-10 10:19:27 +0100
commit	7b3d251025dfbe8c22be3e7456cae4af009d5696 (patch)
tree	35f68001e7a58266a58255ef15334d0d9bb1afd2 /openpgp/src/crypto/asymmetric.rs
parent	391a4b92c977cd64dfd131f3e29b0bc8d756d064 (diff)