Commit bbf2fee8 authored by Nick Mathewson's avatar Nick Mathewson
Browse files

Reject 128-byte keys that are not 1024-bit

When we added the check for key size, we required that the keys be
128 bytes.  But RSA_size (which defers to BN_num_bytes) will return
128 for keys of length 1017..1024.  This patch adds a new
crypto_pk_num_bits() that returns the actual number of significant
bits in the modulus, and uses that to enforce key sizes.

Also, credit the original bug3318 in the changes file.
parent 1d8bcba0
o Minor bugfixes:
- Fix a log message that said "bits" while displaying a value in
bytes. Fixes bug 3318; bugfix on
bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on
- When checking for 1024-bit keys, check for 1024 bits, not 128
bytes. This allows Tor to correctly discard keys of length
1017 through 1023. Bugfix on 0.0.9pre5.
......@@ -777,6 +777,17 @@ crypto_pk_keysize(crypto_pk_env_t *env)
return (size_t) RSA_size(env->key);
/** Return the size of the public key modulus of <b>env</b>, in bits. */
crypto_pk_num_bits(crypto_pk_env_t *env)
return BN_num_bits(env->key->n);
/** Increase the reference count of <b>env</b>, and return it.
crypto_pk_env_t *
......@@ -119,6 +119,7 @@ int crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
int crypto_pk_check_key(crypto_pk_env_t *env);
int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b);
size_t crypto_pk_keysize(crypto_pk_env_t *env);
int crypto_pk_num_bits(crypto_pk_env_t *env);
crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig);
crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig);
int crypto_pk_key_is_private(const crypto_pk_env_t *key);
......@@ -3765,9 +3765,9 @@ token_check_object(memarea_t *area, const char *kwd,
case NEED_KEY_1024: /* There must be a 1024-bit public key. */
case NEED_SKEY_1024: /* There must be a 1024-bit private key. */
if (tok->key && crypto_pk_keysize(tok->key) != PK_BYTES) {
if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) {
tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits",
kwd, (int)crypto_pk_keysize(tok->key)*8);
kwd, crypto_pk_num_bits(tok->key));
/* fall through */
......@@ -343,7 +343,9 @@ test_crypto_pk(void)
test_eq(0, crypto_pk_cmp_keys(pk1, pk2));
test_eq(128, crypto_pk_keysize(pk1));
test_eq(1024, crypto_pk_num_bits(pk1));
test_eq(128, crypto_pk_keysize(pk2));
test_eq(1024, crypto_pk_num_bits(pk2));
test_eq(128, crypto_pk_public_encrypt(pk2, data1, sizeof(data1),
"Hello whirled.", 15,
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment