OpenSSL might loop indefinitely if we provide an even or
zero public exponent (e).
* Fix byte-order issue for Little-endian archs
* Explicitly fail with even numbers
* Generate random odd number when e=0
Signed-off-by: Klaus Heinrich Kiwi <[email protected]>
---
usr/lib/pkcs11/soft_stdll/soft_specific.c | 39 ++++++++++++++++++----------
1 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/usr/lib/pkcs11/soft_stdll/soft_specific.c
b/usr/lib/pkcs11/soft_stdll/soft_specific.c
index 3cdda4b..2e8ee5b 100644
--- a/usr/lib/pkcs11/soft_stdll/soft_specific.c
+++ b/usr/lib/pkcs11/soft_stdll/soft_specific.c
@@ -410,9 +410,10 @@ token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG len)
// random data... Validation handles the rest
rng_generate(des_key,len);
- // we really need to validate the key for parity etc...
+ // TODO: we really need to validate the key for parity etc...
// we should do that here... The caller validates the single des keys
// against the known and suspected poor keys..
+ // also: check rng_generate() return value
return CKR_OK;
}
@@ -822,7 +823,8 @@ os_specific_rsa_keygen(TEMPLATE *publ_tmpl, TEMPLATE
*priv_tmpl)
RSA *rsa;
BIGNUM *bignum;
CK_BYTE *ssl_ptr;
- void *e = NULL;
+ unsigned long e = 0;
+ unsigned int i;
flag = template_attribute_find( publ_tmpl, CKA_MODULUS_BITS, &attr );
if (!flag){
@@ -848,28 +850,37 @@ os_specific_rsa_keygen(TEMPLATE *publ_tmpl, TEMPLATE
*priv_tmpl)
return CKR_KEY_SIZE_RANGE;
}
- e = calloc(1, sizeof(unsigned long));
- if (e == NULL) {
- st_err_log(1, __FILE__, __LINE__);
- return CKR_HOST_MEMORY;
- }
-
#ifndef __BYTE_ORDER
#error "Architecture endianness is not defined."
#endif
+ /* PKCS#11 defines "Big number" as a BIG-ENDIAN value*/
#if __BYTE_ORDER == __LITTLE_ENDIAN
- memcpy(e, publ_exp->pValue, publ_exp->ulValueLen);
-
+ for (i = 0; i < publ_exp->ulValueLen; i ++){
+ ((CK_BYTE *) &e)[i] = ((CK_BYTE *)
publ_exp->pValue)[publ_exp->ulValueLen - 1 - i];
+ }
#else
- memcpy(e + (sizeof(unsigned long) - publ_exp->ulValueLen),
publ_exp->pValue, publ_exp->ulValueLen);
+ memcpy(&e + (sizeof(unsigned long) - publ_exp->ulValueLen),
publ_exp->pValue, publ_exp->ulValueLen);
#endif
+ // Now that we have the publ_exp in our 'local' representation,
+ // we can check for a valid public exponent.
+ // 1st) generate even number if e=0
+ if (e == 0) {
+ rc = rng_generate((CK_BYTE_PTR) &e, sizeof(e));
+ if (rc != CKR_OK) {
+ return CKR_FUNCTION_FAILED;
+ }
+ e |= 0x01; // make it odd
+ }
+ else if ( e % 2 == 0 ) {
+ st_err_log(20, __FILE__, __LINE__);
+ return CKR_TEMPLATE_INCONSISTENT;
+ }
+
- rsa = RSA_generate_key(mod_bits, *(unsigned long *)e, NULL, NULL);
- free(e);
- e = NULL;
+ rsa = RSA_generate_key(mod_bits, e, NULL, NULL);
if (rsa == NULL) {
st_err_log(4, __FILE__, __LINE__);
--
1.7.2.3
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
