diff options
Diffstat (limited to 'src/lib/libcrypto/rsa')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa.h | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_eay.c | 44 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_err.c | 1 |
3 files changed, 51 insertions, 0 deletions
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h index 0b639cd37f..dbed701e89 100644 --- a/src/lib/libcrypto/rsa/rsa.h +++ b/src/lib/libcrypto/rsa/rsa.h | |||
| @@ -154,6 +154,11 @@ struct rsa_st | |||
| 154 | BN_BLINDING *blinding; | 154 | BN_BLINDING *blinding; |
| 155 | }; | 155 | }; |
| 156 | 156 | ||
| 157 | #define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | ||
| 158 | |||
| 159 | #define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 | ||
| 160 | #define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */ | ||
| 161 | |||
| 157 | #define RSA_3 0x3L | 162 | #define RSA_3 0x3L |
| 158 | #define RSA_F4 0x10001L | 163 | #define RSA_F4 0x10001L |
| 159 | 164 | ||
| @@ -386,6 +391,7 @@ void ERR_load_RSA_strings(void); | |||
| 386 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 | 391 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 |
| 387 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 | 392 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 |
| 388 | #define RSA_R_LAST_OCTET_INVALID 134 | 393 | #define RSA_R_LAST_OCTET_INVALID 134 |
| 394 | #define RSA_R_MODULUS_TOO_LARGE 105 | ||
| 389 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 | 395 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 |
| 390 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 | 396 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 |
| 391 | #define RSA_R_OAEP_DECODING_ERROR 121 | 397 | #define RSA_R_OAEP_DECODING_ERROR 121 |
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index be4ac96ce3..610889dc80 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c | |||
| @@ -295,6 +295,28 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 295 | BN_init(&f); | 295 | BN_init(&f); |
| 296 | BN_init(&ret); | 296 | BN_init(&ret); |
| 297 | 297 | ||
| 298 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | ||
| 299 | { | ||
| 300 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); | ||
| 301 | return -1; | ||
| 302 | } | ||
| 303 | |||
| 304 | if (BN_ucmp(rsa->n, rsa->e) <= 0) | ||
| 305 | { | ||
| 306 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
| 307 | return -1; | ||
| 308 | } | ||
| 309 | |||
| 310 | /* for large moduli, enforce exponent limit */ | ||
| 311 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) | ||
| 312 | { | ||
| 313 | if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) | ||
| 314 | { | ||
| 315 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
| 316 | return -1; | ||
| 317 | } | ||
| 318 | } | ||
| 319 | |||
| 298 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 320 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 299 | num=BN_num_bytes(rsa->n); | 321 | num=BN_num_bytes(rsa->n); |
| 300 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | 322 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) |
| @@ -576,6 +598,28 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | |||
| 576 | unsigned char *buf=NULL; | 598 | unsigned char *buf=NULL; |
| 577 | BN_CTX *ctx=NULL; | 599 | BN_CTX *ctx=NULL; |
| 578 | 600 | ||
| 601 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | ||
| 602 | { | ||
| 603 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); | ||
| 604 | return -1; | ||
| 605 | } | ||
| 606 | |||
| 607 | if (BN_ucmp(rsa->n, rsa->e) <= 0) | ||
| 608 | { | ||
| 609 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); | ||
| 610 | return -1; | ||
| 611 | } | ||
| 612 | |||
| 613 | /* for large moduli, enforce exponent limit */ | ||
| 614 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) | ||
| 615 | { | ||
| 616 | if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) | ||
| 617 | { | ||
| 618 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); | ||
| 619 | return -1; | ||
| 620 | } | ||
| 621 | } | ||
| 622 | |||
| 579 | BN_init(&f); | 623 | BN_init(&f); |
| 580 | BN_init(&ret); | 624 | BN_init(&ret); |
| 581 | ctx=BN_CTX_new(); | 625 | ctx=BN_CTX_new(); |
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c index 2ec4b30ff7..ddcb28e663 100644 --- a/src/lib/libcrypto/rsa/rsa_err.c +++ b/src/lib/libcrypto/rsa/rsa_err.c | |||
| @@ -129,6 +129,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= | |||
| 129 | {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, | 129 | {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, |
| 130 | {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, | 130 | {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, |
| 131 | {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, | 131 | {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, |
| 132 | {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, | ||
| 132 | {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, | 133 | {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, |
| 133 | {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, | 134 | {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, |
| 134 | {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, | 135 | {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, |