Check that 1 < D, E < N in `mbedtls_rsa_validate_params`
diff --git a/library/rsa.c b/library/rsa.c
index 841f489..b0ba1eb 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -422,13 +422,13 @@
#endif /* MBEDTLS_GENPRIME */
/*
- * Step 2: Check that N = PQ
+ * Step 2: Check that 1 < N = PQ
*/
if( P != NULL && Q != NULL && N != NULL )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) );
- if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ||
+ if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ||
mbedtls_mpi_cmp_mpi( &K, N ) != 0 )
{
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
@@ -437,15 +437,29 @@
}
/*
- * Step 3: Check that D, E are inverse modulo P-1 and Q-1
+ * Step 3: Check and 1 < D, E < N if present.
+ */
+
+ if( N != NULL && D != NULL && E != NULL )
+ {
+ if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
+ mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
+ mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
+ mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
+ {
+ ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Step 4: Check that D, E are inverse modulo P-1 and Q-1
*/
if( P != NULL && Q != NULL && D != NULL && E != NULL )
{
if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
- mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ||
- mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
- mbedtls_mpi_cmp_int( E, 1 ) <= 0 )
+ mbedtls_mpi_cmp_int( Q, 1 ) <= 0 )
{
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
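Review bot: The lower-bound checks on D and E now run only when N is also supplied, because the new Step 3 block is guarded by `N != NULL` while the `D <= 1` / `E <= 1` tests were removed from the Step 4 condition. A call that passes P, Q, D and E with N == NULL therefore appears to skip them. In that case D = E = 1 would trivially satisfy DE ≡ 1 modulo P-1 and Q-1, assuming the inverse check in the rest of Step 4 (which continues outside this hunk) is unchanged. I would keep `mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||` and `mbedtls_mpi_cmp_int( E, 1 ) <= 0` in the Step 4 condition, so that only the `< N` comparisons depend on N being present. The Step 3 comment also has a typo and should read `Step 3: Check that 1 < D, E < N if present.`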