ssh/agent: limit RSA key size on Add requests

parseRSAKey and parseRSACert build an rsa.PrivateKey directly from
the Add request body and then call priv.Precompute(). The CRT
coefficient recomputation in Precompute() is cubic in the size of
the prime factors, so accepting RSA keys with arbitrary modulus
and prime sizes can consume excessive CPU resources during a
single Add operation.

Add a checkRSAKeyParams helper that enforces the same bounds as
parseRSA in the ssh package (modulus <= 8192 bits, exponent <= 24
bits, exponent >= 3 and odd) plus a cap of 4096 bits on each prime
factor, and call it from both parseRSAKey and parseRSACert before
priv.Precompute().

The previous inline check on the exponent (BitLen > 30) is
subsumed by the new helper, which tightens it to BitLen > 24 for
consistency with parseRSA.

Change-Id: I6f0bbbfdc1db13d62a1f85e1d0e6ae517f000443
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/782421
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
1 file changed
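
The bounds listed in the commit message, as an added Go sketch that is not the x/crypto code: `checkParams`, `pow2` and the constant names are hypothetical, and the sample values are constructed. It shows why the per-prime cap is needed in addition to the modulus cap: a request can pair a modest modulus with an oversized prime factor.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Limits quoted in the commit message.
const (
	maxModulusBits  = 8192
	maxExponentBits = 24
	maxPrimeBits    = 4096
)

// checkParams is a hypothetical validator (not the x/crypto helper). It only
// compares bit lengths and small values, so it is cheap for any input size.
// Run it on wire-decoded values before building the key and calling Precompute.
func checkParams(n, e *big.Int, primes ...*big.Int) error {
	if n == nil || e == nil {
		return errors.New("rsa: missing modulus or exponent")
	}
	if n.BitLen() > maxModulusBits {
		return fmt.Errorf("rsa: modulus of %d bits rejected", n.BitLen())
	}
	if e.BitLen() > maxExponentBits {
		return fmt.Errorf("rsa: exponent of %d bits rejected", e.BitLen())
	}
	if e.Cmp(big.NewInt(3)) < 0 || e.Bit(0) == 0 {
		return errors.New("rsa: exponent must be odd and >= 3")
	}
	for i, p := range primes {
		if p == nil || p.BitLen() > maxPrimeBits {
			return fmt.Errorf("rsa: prime factor %d rejected", i)
		}
	}
	return nil
}

// pow2 returns 2^k, a constructed value whose bit length is k+1.
func pow2(k uint) *big.Int { return new(big.Int).Lsh(big.NewInt(1), k) }

func main() {
	e := big.NewInt(65537)
	fmt.Println(checkParams(pow2(2047), e, pow2(1023), pow2(1023)))    // within bounds
	fmt.Println(checkParams(pow2(8192), e))                            // 8193-bit modulus
	fmt.Println(checkParams(pow2(2047), e, pow2(4096), big.NewInt(3))) // oversized prime
	fmt.Println(checkParams(pow2(2047), big.NewInt(4), pow2(1023)))    // even exponent
}
```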
tree: 3c66c06a98bd6b6742525072e4abc4ae1cfba7c3
README.md

Go Cryptography

This repository holds supplementary Go cryptography packages.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.

The git repository is https://go.googlesource.com/crypto.

The main issue tracker for the crypto repository is located at https://go.dev/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.