From 6b4b3001c425c5471069edd5542d1559846a309c Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Tue, 23 Jun 2015 14:27:25 +0200
Subject: [PATCH] verify that e is 0x10001 on import fixes #13
---
 tool/yubico-piv-tool.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index a1a9eac..a9b6139 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -340,11 +340,19 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
 int sw;
 if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) {
 RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key);
+ unsigned char e[4];
+ unsigned char *e_ptr = e;
 int element_len = 128;
 if(algorithm == YKPIV_ALGO_RSA1024) {
 element_len = 64;
 }
+ if((set_component_with_len(&e_ptr, rsa_private_key->e, 3) == false) ||
+ !(e[1] == 0x01 && e[2] == 0x00 && e[3] == 0x01)) {
+ fprintf(stderr, "Invalid public exponent for import (only 0x10001 supported)\n");
+ goto import_out;
+ }
+
 *in_ptr++ = 0x01;
 if(set_component_with_len(&in_ptr, rsa_private_key->p, element_len) == false) {
 fprintf(stderr, "Failed setting p component.\n");
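Review bot: The exponent check in the added `if` compares `e[1]`..`e[3]` and never looks at `e[0]`, which is only right if `set_component_with_len` writes a one-byte length prefix ahead of the value; that helper is not visible here, so the offsets need a comment or, more simply, a direct comparison such as `if(!BN_is_word(rsa_private_key->e, 0x10001)) {`, which also removes the `e`/`e_ptr` scratch buffer. The new `goto import_out` leaves the block while `rsa_private_key` still holds the reference returned by `EVP_PKEY_get1_RSA`; because the variable is scoped to this `if` block, the cleanup label presumably cannot call `RSA_free` on it, so the private key components would stay in memory unreleased. The existing "Failed setting p component" path appears to share that pattern. `import_key` starts and ends outside the hunk, so both points should be confirmed against the full function.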