generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

The hash length check wasn't strict enough,

Browse Source 
as pointed out by Ernst G Giessmann
This commit is contained in:
Bodo Möller 2007-11-16 13:01:14 +00:00
parent 10f0c85cfc
commit da989402f2
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
crypto/ecdsa/ecs_ossl.c
View File

@ -251,8 +251,16 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err; goto err;
} }
if (dgst_len > BN_num_bytes(order)) if (8 * dgst_len > BN_num_bits(order))
{ {
/* XXX
*
* Should provide for optional hash truncation:
* Keep the BN_num_bits(order) leftmost bits of dgst
* (see March 2006 FIPS 186-3 draft, which has a few
* confusing errors in this part though)
*/
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
goto err; goto err;