commit e384f4ed47e3de8b70012af64fa1d71109e441bc
parent f2e8db2e3dc4c9bb64a53aa19ecefb61a93f2bca
Author: Florian Dold <florian@dold.me>
Date: Thu, 9 Oct 2025 21:43:45 +0200
fix completely broken rsa_verify
Diffstat:
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tart_module.c b/tart_module.c
@@ -1112,11 +1112,11 @@ rsa_verify(const HashCode *hash,
const RsaPub *pkey)
{
mbedtls_mpi r;
- mbedtls_mpi sig_2;
+ mbedtls_mpi sig_e;
int ret;
mbedtls_mpi_init(&r);
- mbedtls_mpi_init(&sig_2);
+ mbedtls_mpi_init(&sig_e);
/* Can fail if RSA key is malicious since rsa_gcd_validate failed here.
* It should have failed during GNUNET_CRYPTO_rsa_blind too though,
@@ -1126,9 +1126,9 @@ rsa_verify(const HashCode *hash,
* to GNUNET_CRYPTO_rsa_unblind. *///
MBEDTLS_MPI_CHK(rsa_full_domain_hash(&r, pkey, hash));
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&sig_2, sig, &pkey->e, &pkey->N, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&sig_e, sig, &pkey->e, &pkey->N, NULL));
- if (0 != mbedtls_mpi_cmp_mpi(sig, &sig_2)) {
+ if (0 != mbedtls_mpi_cmp_mpi(&r, &sig_e)) {
ret = -1;
} else {
ret = 0;
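Review bot: The corrected comparison on the `if` line still accepts a `sig` outside the range [0, N), because `mbedtls_mpi_exp_mod` reduces its base modulo N, so `sig + k*N` (and, depending on how the caller decoded it, a negative value) verifies as the same signature, whereas RSAVP1 in RFC 8017 rejects such a representative as out of range. If signatures are ever deduplicated or used as identifiers upstream (not visible here) that malleability matters, and the guard is cheap either way: before the `mbedtls_mpi_exp_mod` call add `if (mbedtls_mpi_cmp_int(sig, 0) < 0 || mbedtls_mpi_cmp_mpi(sig, &pkey->N) >= 0) { ret = -1; goto cleanup; }`. The non-constant-time `mbedtls_mpi_cmp_mpi` on the result is fine, since both the FDH value and `sig^e mod N` are public quantities. rsa_verify's signature and its `cleanup:` label lie outside this hunk.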
@@ -1136,7 +1136,7 @@ rsa_verify(const HashCode *hash,
cleanup:
mbedtls_mpi_free(&r);
- mbedtls_mpi_free(&sig_2);
+ mbedtls_mpi_free(&sig_e);
return ret;
}