otr: reject private keys with parameters <= 0.
This serves as a basic sanity check and also prevents malformed private
keys from setting P=0 and consuming large amounts of CPU and memory in
the Exp call.
Change-Id: Ife22069b989a7347d8deaaf13030df82ee59e87b
Reviewed-on: https://go-review.googlesource.com/35246
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/otr/otr.go b/otr/otr.go
index 549be11..8861b77 100644
--- a/otr/otr.go
+++ b/otr/otr.go
@@ -1313,6 +1313,12 @@
mpis[i] = new(big.Int).SetBytes(mpiBytes)
}
+ for _, mpi := range mpis {
+ if mpi.Sign() <= 0 {
+ return false
+ }
+ }
+
priv.PrivateKey.P = mpis[0]
priv.PrivateKey.Q = mpis[1]
priv.PrivateKey.G = mpis[2]
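Review bot: The new loop over `mpis` bounds the parameters only from below, and since `SetBytes` never yields a negative `big.Int`, `mpi.Sign() <= 0` in practice rejects only zero. An attacker-supplied key with a very large P or X would still reach the Exp call named in the commit message, which lies outside this hunk. If the MPI length is not already capped where `mpiBytes` is read (not visible here), consider a size bound next to the sign test, e.g. `if mpi.Sign() <= 0 || mpi.BitLen() > maxParamBits {`, where `maxParamBits` is a placeholder for whatever limit the package chooses. A comment above the loop such as `// Reject zero parameters: with P == 0, Exp is no longer modular and its cost is unbounded.` would record why the check exists. The enclosing function starts and ends outside the hunk.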