From 895c5ab88e10d5de13e932eaeb6ba04651c76f8b Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 5 Jan 2018 08:08:09 +0000
Subject: [PATCH] Preserve old behavior by checking public key in RSA parsing
 function

The function `pk_get_rsapubkey` originally performed some basic
sanity checks (e.g. on the size of public exponent) on the parsed
RSA public key by a call to `mbedtls_rsa_check_pubkey`.
This check was dropped because it is not possible to thoroughly
check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ).

Still, for the sake of not silently changing existing behavior,
this commit puts back the call to `mbedtls_rsa_check_pubkey`.
---
 library/pkparse.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/library/pkparse.c b/library/pkparse.c
index 159b485eb..f97d89ea1 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -543,8 +543,11 @@ static int pk_get_rsapubkey( unsigned char **p,
 
     *p += len;
 
-    if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
+    if( mbedtls_rsa_complete( rsa ) != 0 ||
+        mbedtls_rsa_check_pubkey( rsa ) != 0 )
+    {
         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+    }
 
     if( *p != end )
         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +