The logic in the main signing and verifying functions to check lengths was

author Richard Levitte <levitte@openssl.org>

Tue, 26 Nov 2002 11:14:38 +0000 (11:14 +0000)

committer Richard Levitte <levitte@openssl.org>

Tue, 26 Nov 2002 11:14:38 +0000 (11:14 +0000)
author Richard Levitte <levitte@openssl.org>
Tue, 26 Nov 2002 11:14:38 +0000 (11:14 +0000)
committer Richard Levitte <levitte@openssl.org>
Tue, 26 Nov 2002 11:14:38 +0000 (11:14 +0000)
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h

index 8f391117d846f1d9710c8b1a773326759963437d..76aed3cb38522ea378aea8b7ac24d1ab7bcaf0af 100644 (file)
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -169,6 +169,8 @@ struct rsa_st
  #define RSA_NO_PADDING         3
  #define RSA_PKCS1_OAEP_PADDING 4
  
+#define RSA_PKCS1_PADDING_SIZE 11
+
  #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
  #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
  
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c

index 48a32bc264a807e66b5fce3bd54a20b030b6936b..b3f1c2200dd5c357c4d1dca3e1e12cb63e0268f9 100644 (file)
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -68,7 +68,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
         int j;
         unsigned char *p;
  
-       if (flen > (tlen-11))
+       if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
                 {
                 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return(0);
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c

index c77f4381ffb11a20c9c29bd8c01419a7438aceb0..ffbc4d85a40affc2c1a5c786ac4de1d02d32487c 100644 (file)
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -76,7 +76,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
  
         i=i2d_ASN1_OCTET_STRING(&sig,NULL);
         j=RSA_size(rsa);
-       if ((i-RSA_PKCS1_PADDING) > j)
+       if (i > (j-RSA_PKCS1_PADDING_SIZE))
                 {
                 RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                 return(0);
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c

index 31049b979194aad064003804436d7a98f0b7c7e8..68542f25c0bc0c89a78b94cbc2bb92a8b9fe3c10 100644 (file)
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -109,7 +109,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
                 i=i2d_X509_SIG(&sig,NULL);
         }
         j=RSA_size(rsa);
-       if ((i-RSA_PKCS1_PADDING) > j)
+       if (i > (j-RSA_PKCS1_PADDING_SIZE))
                 {
                 RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                 return(0);
author	Richard Levitte <levitte@openssl.org>
	Tue, 26 Nov 2002 11:14:38 +0000 (11:14 +0000)
committer	Richard Levitte <levitte@openssl.org>
	Tue, 26 Nov 2002 11:14:38 +0000 (11:14 +0000)
crypto/rsa/rsa.h		patch \| blob \| history
crypto/rsa/rsa_pk1.c		patch \| blob \| history
crypto/rsa/rsa_saos.c		patch \| blob \| history
crypto/rsa/rsa_sign.c		patch \| blob \| history