From 9e1085c924133d7b73c7b0a42282fb13b34f28b8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 5 Feb 2020 11:11:35 -0500 Subject: When parsing, reject >1024-bit RSA private keys sooner. Private-key validation is fairly expensive for long keys in openssl, so we need to avoid it sooner. --- src/feature/dirparse/parsecommon.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/feature/dirparse') diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c index 632f5adff0..5b753f0f23 100644 --- a/src/feature/dirparse/parsecommon.c +++ b/src/feature/dirparse/parsecommon.c @@ -389,7 +389,8 @@ get_next_token(memarea_t *area, RET_ERR("Couldn't parse public key."); } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */ tok->key = crypto_pk_new(); - if (crypto_pk_read_private_key_from_string(tok->key, obstart, eol-obstart)) + if (crypto_pk_read_private_key1024_from_string(tok->key, + obstart, eol-obstart)) RET_ERR("Couldn't parse private key."); } else { /* If it's something else, try to base64-decode it */ int r; -- cgit v1.2.3-54-g00ecf From f160212ee855b6899063f2e9355abd59105d6a04 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 5 Feb 2020 11:57:31 -0500 Subject: When parsing tokens, reject early on spurious keys. --- src/feature/dirparse/parsecommon.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/feature/dirparse') diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c index 5b753f0f23..e8269f7ec7 100644 --- a/src/feature/dirparse/parsecommon.c +++ b/src/feature/dirparse/parsecommon.c @@ -384,10 +384,16 @@ get_next_token(memarea_t *area, RET_ERR("Couldn't parse object: missing footer or object much too big."); if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */ + if (o_syn != NEED_KEY && o_syn != NEED_KEY_1024 && o_syn != OBJ_OK) { + RET_ERR("Unexpected public key."); + } tok->key = crypto_pk_new(); if (crypto_pk_read_public_key_from_string(tok->key, obstart, eol-obstart)) RET_ERR("Couldn't parse public key."); } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */ + if (o_syn != NEED_SKEY_1024 && o_syn != OBJ_OK) { + RET_ERR("Unexpected private key."); + } tok->key = crypto_pk_new(); if (crypto_pk_read_private_key1024_from_string(tok->key, obstart, eol-obstart)) -- cgit v1.2.3-54-g00ecf