-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Maximum modulus size #350
Comments
I think so. In an ideal world I would love to do sth like this key.verify::<MAX_KEY_SIZE>(&signature); with a default type parameter... but I guess that is a bit out |
That could probably be done as a const generic parameter with a default on e.g. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In #349 I suggested adopting some sort of ceiling on the size of integers that are acceptable for signatures, i.e. a maximum modulus size. This would prevent parsing some large amount of data that doesn't make sense as a signature to an extremely large integer.
While we do have checks that the signature does not exceed the modulus for a given public key in PKCS#1v15 and PSS now (I believe?), these checks aren't applied until signature verification time, whereas I think this sort of sanity limit would be better applied before we ever parse to a
BigUint
.It could also form an upper bound on what we consider acceptable as an RSA private key, where we currently have no limit.
Perhaps 16384-bits would be acceptable? /cc @dignifiedquire
The text was updated successfully, but these errors were encountered: