From 1c4d82a776105ee1a16ec0cededd7f489c485ed6 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Tue, 26 Nov 2002 11:14:38 +0000
Subject: [PATCH] The logic in the main signing and verifying functions to
 check lengths was incorrect.  Fortunately, there is a second check that's
 correct, when adding the pads. PR: 355

---
 crypto/rsa/rsa.h      | 2 ++
 crypto/rsa/rsa_pk1.c  | 2 +-
 crypto/rsa/rsa_saos.c | 2 +-
 crypto/rsa/rsa_sign.c | 2 +-
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 8f391117d8..76aed3cb38 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -169,6 +169,8 @@ struct rsa_st
 #define RSA_NO_PADDING		3
 #define RSA_PKCS1_OAEP_PADDING	4
 
+#define RSA_PKCS1_PADDING_SIZE	11
+
 #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 48a32bc264..b3f1c2200d 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -68,7 +68,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
 	int j;
 	unsigned char *p;
 
-	if (flen > (tlen-11))
+	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return(0);
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index c77f4381ff..ffbc4d85a4 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -76,7 +76,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
 
 	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
 	j=RSA_size(rsa);
-	if ((i-RSA_PKCS1_PADDING) > j)
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return(0);
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 31049b9791..68542f25c0 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -109,7 +109,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
 		i=i2d_X509_SIG(&sig,NULL);
 	}
 	j=RSA_size(rsa);
-	if ((i-RSA_PKCS1_PADDING) > j)
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return(0);
-- 
2.25.1