security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

scd: Fix hard-coded constant for RSA auth. 

* scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096.

--

OpenPGPcard specification says that it will be rejected by the card
when it's larger.  We have been the check on host side too, but it was
written when it only had a support for RSA-2048.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2022-04-25 11:14:10 +09:00
parent 8b3a24e517
commit 2848fe4c84
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
scd/app-openpgp.c
View File

@ -5445,9 +5445,15 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
goto indata_ready;
}
if (app->app_local->keyattr[2].key_type == KEY_TYPE_RSA
&& indatalen > 101) /* For a 2048 bit key. */
return gpg_error (GPG_ERR_INV_VALUE);
if (app->app_local->keyattr[2].key_type == KEY_TYPE_RSA)
{
int size_40percent = (app->app_local->keyattr[2].rsa.n_bits+7)/8 * 4;
/* OpenPGP card does PKCS#1 for RSA, data should not be larger
than 40% of the modulus length. */
if (indatalen * 10 > size_40percent)
return gpg_error (GPG_ERR_INV_VALUE);
}
if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC)
{