Fix rsa oaep key length check before decryption

babelouest · Aug 20, 2022 · dd528b3 · dd528b3
1 parent 775a8e8
commit dd528b3
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/jwe.c b/src/jwe.c
@@ -364,6 +364,11 @@ rsa_oaep_sha1_decrypt(const struct rsa_private_key *key,
   int res;
   struct sha1_ctx ctx;
 
+  if (nettle_mpz_sizeinbase_256_u (gibberish) > key->size ||
+      key->size < (2*SHA1_DIGEST_SIZE)+2) {
+    return 0;
+  }
+
   mpz_init(m);
   rsa_compute_root(key, m, gibberish);
 
@@ -384,6 +389,11 @@ rsa_oaep_sha256_decrypt(const struct rsa_private_key *key,
   int res;
   struct sha256_ctx ctx;
 
+  if (nettle_mpz_sizeinbase_256_u (gibberish) > key->size ||
+      key->size < (2*SHA1_DIGEST_SIZE)+2) {
+    return 0;
+  }
+
   mpz_init(m);
   rsa_compute_root(key, m, gibberish);