From 7d163f234b0198a6e69a631e5291d8a0220772c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 30 Oct 2013 22:27:12 -0700
Subject: [PATCH] check that e have sane values
---
 lib/hcrypto/rsa-ltm.c | 46 +++++++++++++++++++++++++++----------------
 1 file changed, 29 insertions(+), 17 deletions(-)
diff --git a/lib/hcrypto/rsa-ltm.c b/lib/hcrypto/rsa-ltm.c
index 35d20b0a8..d1207603c 100644
--- a/lib/hcrypto/rsa-ltm.c
+++ b/lib/hcrypto/rsa-ltm.c
@@ -157,13 +157,18 @@ ltm_rsa_public_encrypt(int flen, const unsigned char* from,
 size = RSA_size(rsa);
 if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen) {
- mp_clear_multi(&n, &e, &enc, &dec);
+ mp_clear_multi(&n, &e, &enc, &dec, NULL);
 return -2;
 }
 BN2mpz(&n, rsa->n);
 BN2mpz(&e, rsa->e);
+ if (mp_cmp_d(&e, 3) == MP_LT) {
+ mp_clear_multi(&e, &n, &enc, &dec, NULL);
+ return -2;
+ }
+
 p = p0 = malloc(size - 1);
 if (p0 == NULL) {
 mp_clear_multi(&e, &n, &enc, &dec, NULL);
@@ -233,13 +238,10 @@ ltm_rsa_public_decrypt(int flen, const unsigned char* from,
 BN2mpz(&n, rsa->n);
 BN2mpz(&e, rsa->e);
-#if 0
- /* Check that the exponent is larger then 3 */
- if (mp_int_compare_value(&e, 3) <= 0) {
+ if (mp_cmp_d(&e, 3) == MP_LT) {
 mp_clear_multi(&e, &n, &s, &us, NULL);
 return -3;
 }
-#endif
 mp_read_unsigned_bin(&s, rk_UNCONST(from), flen);
@@ -287,7 +289,7 @@ static int
 ltm_rsa_private_encrypt(int flen, const unsigned char* from,
 unsigned char* to, RSA* rsa, int padding)
 {
- unsigned char *p, *p0;
+ unsigned char *ptr, *ptr0;
 int res;
 int size;
 mp_int in, out, n, e;
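Review bot: The guard added in ltm_rsa_public_encrypt, `mp_cmp_d(&e, 3) == MP_LT`, only rejects exponents below 3, so an even exponent such as 4 still passes and reaches the exponentiation. The same comparison is added in ltm_rsa_public_decrypt, ltm_rsa_private_encrypt and ltm_rsa_private_decrypt, so the point applies to all four. If the intent is that e has sane values, consider also requiring an odd exponent, e.g. `if (mp_cmp_d(&e, 3) == MP_LT || mp_iseven(&e)) {`. A short comment would also help, such as `/* refuse e < 3: with e == 1 the public operation is the identity */`. The four paths return different codes (-2 or -3) for the same condition, which is worth unifying or documenting; the function bodies continue outside the hunks.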
@@ -305,21 +307,26 @@ ltm_rsa_private_encrypt(int flen, const unsigned char* from,
 if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen) return -2;
- p0 = p = malloc(size);
- *p++ = 0;
- *p++ = 1;
- memset(p, 0xff, size - flen - 3);
- p += size - flen - 3;
- *p++ = 0;
- memcpy(p, from, flen);
- p += flen;
- assert((p - p0) == size);
+ ptr0 = ptr = malloc(size);
+ *ptr++ = 0;
+ *ptr++ = 1;
+ memset(ptr, 0xff, size - flen - 3);
+ ptr += size - flen - 3;
+ *ptr++ = 0;
+ memcpy(ptr, from, flen);
+ ptr += flen;
+ assert((ptr - ptr0) == size);
 BN2mpz(&n, rsa->n);
 BN2mpz(&e, rsa->e);
- mp_read_unsigned_bin(&in, p0, size);
- free(p0);
+ if (mp_cmp_d(&e, 3) == MP_LT) {
+ size = -3;
+ goto out;
+ }
+
+ mp_read_unsigned_bin(&in, ptr0, size);
+ free(ptr0);
 if(mp_isneg(&in) || mp_cmp(&in, &n) >= 0) {
 size = -3;
@@ -402,6 +409,11 @@ ltm_rsa_private_decrypt(int flen, const unsigned char* from,
 BN2mpz(&n, rsa->n);
 BN2mpz(&e, rsa->e);
+ if (mp_cmp_d(&e, 3) == MP_LT) {
+ size = -2;
+ goto out;
+ }
+
 mp_read_unsigned_bin(&in, rk_UNCONST(from), flen);
 if(mp_isneg(&in) || mp_cmp(&in, &n) >= 0) {
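Review bot: In ltm_rsa_private_encrypt the new exponent check sits between the allocation of the padding buffer and `free(ptr0);`, so its `goto out` path skips the free. Unless the `out:` label, which lies outside this hunk, releases the buffer, the padded copy of `from` leaks each time a key is rejected. Adding `free(ptr0);` before `size = -3;` in the new branch closes that path. Separately, the result of `ptr0 = ptr = malloc(size);` is written through without a NULL check, unlike the `p0 == NULL` test in ltm_rsa_public_encrypt.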