diff options
Diffstat (limited to 'vendor/github.com/miekg/dns/dnssec.go')
-rw-r--r-- | vendor/github.com/miekg/dns/dnssec.go | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/vendor/github.com/miekg/dns/dnssec.go b/vendor/github.com/miekg/dns/dnssec.go index 478cb1e90..7e6bac428 100644 --- a/vendor/github.com/miekg/dns/dnssec.go +++ b/vendor/github.com/miekg/dns/dnssec.go @@ -542,20 +542,20 @@ func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey { explen = uint16(keybuf[1])<<8 | uint16(keybuf[2]) keyoff = 3 } + if explen > 4 { + // Larger exponent than supported by the crypto package. + return nil + } pubkey := new(rsa.PublicKey) pubkey.N = big.NewInt(0) - shift := uint64((explen - 1) * 8) expo := uint64(0) - for i := int(explen - 1); i > 0; i-- { - expo += uint64(keybuf[keyoff+i]) << shift - shift -= 8 - } - // Remainder - expo += uint64(keybuf[keyoff]) - if expo > (2<<31)+1 { - // Larger expo than supported. - // println("dns: F5 primes (or larger) are not supported") + for i := 0; i < int(explen); i++ { + expo <<= 8 + expo |= uint64(keybuf[keyoff+i]) + } + if expo > 1<<31-1 { + // Larger exponent than supported by the crypto package. return nil } pubkey.E = int(expo) |