Preserve old behavior by checking public key in RSA parsing function
The function `pk_get_rsapubkey` originally performed some basic
sanity checks (e.g. on the size of the public exponent) on the parsed
RSA public key by a call to `mbedtls_rsa_check_pubkey`.
This check was dropped because it is not possible to thoroughly
check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ).
Still, for the sake of not silently changing existing behavior,
this commit puts back the call to `mbedtls_rsa_check_pubkey`.
diff --git a/library/pkparse.c b/library/pkparse.c
index 159b485..f97d89e 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -543,8 +543,11 @@
*p += len;
- if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
+ if( mbedtls_rsa_complete( rsa ) != 0 ||
+ mbedtls_rsa_check_pubkey( rsa ) != 0 )
+ {
return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+ }
if( *p != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
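Review bot: the added `mbedtls_rsa_check_pubkey( rsa ) != 0` term in the combined condition has no comment saying that it is only a basic sanity check kept for backward compatibility. The commit message explains that full parameter validation is not possible here, but a reader of `pk_get_rsapubkey` alone could take the call as proof that a parsed key is fully validated. A short comment above the `if` stating that limit would prevent that. Two smaller points on the same condition: the `ret =` assignment is dropped, so a failure in `mbedtls_rsa_complete` and a failure in `mbedtls_rsa_check_pubkey` both surface as the same `MBEDTLS_ERR_PK_INVALID_PUBKEY`. That matches the old return value, so it is fine if intended. Also, the patch touches only `library/pkparse.c`, so a regression test with a key that completes but is rejected by the check (for example on the public exponent size mentioned in the message) would pin down the behavior this commit restores.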