|
|
10790f |
diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c
|
|
|
10790f |
index 624aa36..b064b45 100644
|
|
|
10790f |
--- a/lib/nettle/int/rsa-keygen-fips186.c
|
|
|
10790f |
+++ b/lib/nettle/int/rsa-keygen-fips186.c
|
|
|
10790f |
@@ -27,7 +27,6 @@
|
|
|
10790f |
#include "config.h"
|
|
|
10790f |
#endif
|
|
|
10790f |
|
|
|
10790f |
-#include <assert.h>
|
|
|
10790f |
#include <stdlib.h>
|
|
|
10790f |
#include <stdio.h>
|
|
|
10790f |
#include <string.h>
|
|
|
10790f |
@@ -337,10 +336,16 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
|
|
|
10790f |
|
|
|
10790f |
mpz_mul(pub->n, key->p, key->q);
|
|
|
10790f |
|
|
|
10790f |
- assert(mpz_sizeinbase(pub->n, 2) == n_size);
|
|
|
10790f |
+ if (mpz_sizeinbase(pub->n, 2) != n_size) {
|
|
|
10790f |
+ ret = 0;
|
|
|
10790f |
+ goto cleanup;
|
|
|
10790f |
+ }
|
|
|
10790f |
|
|
|
10790f |
/* c = q^{-1} (mod p) */
|
|
|
10790f |
- assert(mpz_invert(key->c, key->q, key->p) != 0);
|
|
|
10790f |
+ if (mpz_invert(key->c, key->q, key->p) == 0) {
|
|
|
10790f |
+ ret = 0;
|
|
|
10790f |
+ goto cleanup;
|
|
|
10790f |
+ }
|
|
|
10790f |
|
|
|
10790f |
mpz_sub_ui(p1, key->p, 1);
|
|
|
10790f |
mpz_sub_ui(q1, key->q, 1);
|
|
|
10790f |
@@ -352,6 +357,12 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
|
|
|
10790f |
goto cleanup;
|
|
|
10790f |
}
|
|
|
10790f |
|
|
|
10790f |
+ /* check whether d > 2^(nlen/2) -- FIPS186-4 5.3.1 */
|
|
|
10790f |
+ if (mpz_sizeinbase(key->d, 2) < n_size/2) {
|
|
|
10790f |
+ ret = 0;
|
|
|
10790f |
+ goto cleanup;
|
|
|
10790f |
+ }
|
|
|
10790f |
+
|
|
|
10790f |
/* Done! Almost, we must compute the auxillary private values. */
|
|
|
10790f |
/* a = d % (p-1) */
|
|
|
10790f |
mpz_fdiv_r(key->a, key->d, p1);
|
|
|
10790f |
@@ -362,7 +373,10 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
|
|
|
10790f |
/* c was computed earlier */
|
|
|
10790f |
|
|
|
10790f |
pub->size = key->size = (n_size + 7) / 8;
|
|
|
10790f |
- assert(pub->size >= RSA_MINIMUM_N_OCTETS);
|
|
|
10790f |
+ if (pub->size < RSA_MINIMUM_N_OCTETS) {
|
|
|
10790f |
+ ret = 0;
|
|
|
10790f |
+ goto cleanup;
|
|
|
10790f |
+ }
|
|
|
10790f |
|
|
|
10790f |
ret = 1;
|
|
|
10790f |
cleanup:
|