check if RSA key is large enough to sign a chunk of data

author Martin Willi <martin@strongswan.org>

Mon, 15 Jun 2009 11:49:30 +0000 (13:49 +0200)

committer Martin Willi <martin@strongswan.org>

Mon, 15 Jun 2009 11:49:30 +0000 (13:49 +0200)
author Martin Willi <martin@strongswan.org>
Mon, 15 Jun 2009 11:49:30 +0000 (13:49 +0200)
committer Martin Willi <martin@strongswan.org>
Mon, 15 Jun 2009 11:49:30 +0000 (13:49 +0200)
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c

index dec4e46..cbc1127 100644 (file)
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -248,6 +248,13 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
                 data = digestInfo;
         }
  
+       if (data.len > this->k - 3)
+       {
+               free(digestInfo.ptr);
+               DBG1("unable to sign %d bytes using a %dbit key", data.len, this->k * 8);
+               return FALSE;
+       }
+       
         /* build chunk to rsa-decrypt:
          * EM = 0x00 || 0x01 || PS || 0x00 || T. 
          * PS = 0xFF padding, with length to fill em
author	Martin Willi <martin@strongswan.org>
	Mon, 15 Jun 2009 11:49:30 +0000 (13:49 +0200)
committer	Martin Willi <martin@strongswan.org>
	Mon, 15 Jun 2009 11:49:30 +0000 (13:49 +0200)