From: Martin Willi <martin@strongswan.org>
Date: Mon, 15 Jun 2009 11:49:30 +0000 (+0200)
Subject: check if RSA key is large enough to sign a chunk of data
X-Git-Tag: 4.3.2~59
X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=3176e4421fef0e75efe824b4103cfd8774f775d6;ds=sidebyside

check if RSA key is large enough to sign a chunk of data
---

diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index dec4e46..cbc1127 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -248,6 +248,13 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
 		data = digestInfo;
 	}
 
+	if (data.len > this->k - 3)
+	{
+		free(digestInfo.ptr);
+		DBG1("unable to sign %d bytes using a %dbit key", data.len, this->k * 8);
+		return FALSE;
+	}
+	
 	/* build chunk to rsa-decrypt:
 	 * EM = 0x00 || 0x01 || PS || 0x00 || T. 
 	 * PS = 0xFF padding, with length to fill em