Commit 5a72a244 authored by Herbert Xu's avatar Herbert Xu
Browse files

crypto: rsa - Check MPI allocation errors 



Fixes: 6637e11e ("crypto: rsa - allow only odd e and restrict value in FIPS mode")
Fixes: f145d411 ("crypto: rsa - implement Chinese Remainder Theorem for faster private key operation")
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 560efa7f

crypto/rsa.c

+12 −7
Original line number Diff line number Diff line
@@ -98,15 +98,14 @@ static int _rsa_dec_crt(const struct rsa_mpi_key *key, MPI m_or_m1_or_h, MPI c) 
		goto err_free_mpi;



	/* (2iii) h = (m_1 - m_2) * qInv mod p */

	mpi_sub(m12_or_qh, m_or_m1_or_h, m2);

	ret = mpi_sub(m12_or_qh, m_or_m1_or_h, m2) ?:

	      mpi_mulm(m_or_m1_or_h, m12_or_qh, key->qinv, key->p);



	/* (2iv) m = m_2 + q * h */

	mpi_mul(m12_or_qh, key->q, m_or_m1_or_h);

	ret = ret ?:

	      mpi_mul(m12_or_qh, key->q, m_or_m1_or_h) ?:

	      mpi_addm(m_or_m1_or_h, m2, m12_or_qh, key->n);



	ret = 0;



err_free_mpi:

	mpi_free(m12_or_qh);

	mpi_free(m2);
@@ -236,6 +235,7 @@ static int rsa_check_key_length(unsigned int len) 
static int rsa_check_exponent_fips(MPI e)

{

	MPI e_max = NULL;

	int err;



	/* check if odd */

	if (!mpi_test_bit(e, 0)) {
@@ -250,7 +250,12 @@ static int rsa_check_exponent_fips(MPI e) 
	e_max = mpi_alloc(0);

	if (!e_max)

		return -ENOMEM;

	mpi_set_bit(e_max, 256);



	err = mpi_set_bit(e_max, 256);

	if (err) {

		mpi_free(e_max);

		return err;

	}



	if (mpi_cmp(e, e_max) >= 0) {

		mpi_free(e_max);