Require that certain public keys have public exponent 65537

1 files changed, 17 insertions, 0 deletions

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 7ff0e2c3ce..ceef054af0 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1326,6 +1326,11 @@ router_parse_entry_from_string(const char *s, const char *end,
     goto err;
 
   tok = find_by_keyword(tokens, K_ONION_KEY);
+  if (!crypto_pk_check_key_public_exponent(tok->key)) {
+    log_warn(LD_DIR,
+             "Relay's onion key had invalid exponent.");
+    goto err;
+  }
   router->onion_pkey = tok->key;
   tok->key = NULL; /* Prevent free */
 
@@ -3971,10 +3976,22 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed,
     }
     /* Parse onion key. */
     tok = find_by_keyword(tokens, R_IPO_ONION_KEY);
+    if (!crypto_pk_check_key_public_exponent(tok->key)) {
+      log_warn(LD_REND,
+               "Introduction point's onion key had invalid exponent.");
+      rend_intro_point_free(intro);
+      goto err;
+    }
     info->onion_key = tok->key;
     tok->key = NULL; /* Prevent free */
     /* Parse service key. */
     tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY);
+    if (!crypto_pk_check_key_public_exponent(tok->key)) {
+      log_warn(LD_REND,
+               "Introduction point key had invalid exponent.");
+      rend_intro_point_free(intro);
+      goto err;
+    }
     intro->intro_key = tok->key;
     tok->key = NULL; /* Prevent free */
     /* Add extend info to list of introduction points. */