validate the parsed RSA private key

diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index 9896d8dcea30da2be6105a77bd303b9c7530c772..2aadf2fc47378779598efe40d5bd4daf8c0b2c95 100644 (file)
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -222,7 +222,6 @@ GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
                               size_t len)
 {
   struct GNUNET_CRYPTO_rsa_PrivateKey *key;
-
   key = GNUNET_new (struct GNUNET_CRYPTO_rsa_PrivateKey);
   if (0 !=
       gcry_sexp_new (&key->sexp,
@@ -230,11 +229,18 @@ GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
                      len,
                      0))
   {
-    GNUNET_break_op (0);
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "Decoded private key is not valid\n");
     GNUNET_free (key);
     return NULL;
   }
-  /* FIXME: verify that this is an RSA private key */
+  if (0 != gcry_pk_testkey (key->sexp))
+  {
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "Decoded private key is not valid\n");
+    GNUNET_CRYPTO_rsa_private_key_free (key);
+    return NULL;
+  }
   return key;
 }
 

diff --git a/src/util/test_crypto_rsa.c b/src/util/test_crypto_rsa.c
index fc41dc24fbc66dfd7fd706e36b0d6e197530a560..b2d749ab9d94f9bf2ba400d616465e4c91977dc9 100644 (file)
--- a/src/util/test_crypto_rsa.c
+++ b/src/util/test_crypto_rsa.c
@@ -54,6 +54,15 @@ main (int argc,
   char *enc;
   enc = NULL;
   size = GNUNET_CRYPTO_rsa_private_key_encode (priv, &enc);
+  /* Decoding */
+  GNUNET_CRYPTO_rsa_private_key_free (priv);
+  priv = NULL;
+  priv = GNUNET_CRYPTO_rsa_private_key_decode (enc, size);
+  GNUNET_assert (NULL != priv);
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+                              enc, size);
+  GNUNET_assert (NULL == GNUNET_CRYPTO_rsa_private_key_decode (enc, size));
+  (void) fprintf (stderr, "The above warning is expected.\n");
   GNUNET_free (enc);
 
   /* try ordinary sig first */