xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

libsec: check if modulus is too small for message in pkcs1padbuf()

Browse source
This commit is contained in:
cinap_lenrek 2017-02-06 02:03:16 +01:00
parent 1df513a2a1
commit 02b3c609ed
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
sys/src/libsec/port/x509.c
View file

@ -2143,6 +2143,10 @@ pkcs1padbuf(uchar *buf, int len, mpint *modulus)
mpint *mp; mpint *mp;
pm1 = n - 1 - len; pm1 = n - 1 - len;
if(pm1 <= 2){
werrstr("pkcs1padbuf: modulus too small");
return nil;
}
p = (uchar*)emalloc(n); p = (uchar*)emalloc(n);
p[0] = 0; p[0] = 0;
p[1] = 1; p[1] = 1;
@ -2827,6 +2831,8 @@ X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
goto errret; goto errret;
pkcs1 = pkcs1pad(sigbytes, pk->n); pkcs1 = pkcs1pad(sigbytes, pk->n);
freebytes(sigbytes); freebytes(sigbytes);
if(pkcs1 == nil)
goto errret;
rsadecrypt(priv, pkcs1, pkcs1); rsadecrypt(priv, pkcs1, pkcs1);
buflen = mptobe(pkcs1, nil, 0, &buf); buflen = mptobe(pkcs1, nil, 0, &buf);
@ -2894,6 +2900,8 @@ X509rsareq(RSApriv *priv, char *subj, int *certlen)
goto errret; goto errret;
pkcs1 = pkcs1pad(sigbytes, pk->n); pkcs1 = pkcs1pad(sigbytes, pk->n);
freebytes(sigbytes); freebytes(sigbytes);
if(pkcs1 == nil)
goto errret;
rsadecrypt(priv, pkcs1, pkcs1); rsadecrypt(priv, pkcs1, pkcs1);
buflen = mptobe(pkcs1, nil, 0, &buf); buflen = mptobe(pkcs1, nil, 0, &buf);