o5r/plan9port
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

factotum: double-check RSA/DSA keys when loading

Browse source 
R=rsc
http://codereview.appspot.com/463041
This commit is contained in:
Russ Cox 2010-03-11 18:03:53 -08:00
parent 8e4ac5f7fa
commit ddfc031c3b
2 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/cmd/auth/factotum/dsa.c
View file

@ -86,6 +86,10 @@ readdsapriv(Key *k)
|| (priv->pub.q=strtomp(a, nil, 16, nil))==nil)
goto Error;
strlwr(a);
if(!probably_prime(priv->pub.p, 20) && !probably_prime(priv->pub.q, 20)) {
werrstr("dsa: p or q not prime");
goto Error;
}
if((a=strfindattr(k->attr, "alpha"))==nil
|| (priv->pub.alpha=strtomp(a, nil, 16, nil))==nil)
goto Error;