diff options
| author | Bodo Möller <bodo@openssl.org> | 2007-11-16 14:01:14 +0100 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2007-11-16 14:01:14 +0100 |
| commit | da989402f22d44bab2e920ec4872e711991e0047 (patch) | |
| tree | 1e8cb5c59799e9ce8ebbd5ee7cbfb3a7c9f48180 /crypto | |
| parent | Fix warnings. (diff) | |
| download | openssl-da989402f22d44bab2e920ec4872e711991e0047.tar.xz openssl-da989402f22d44bab2e920ec4872e711991e0047.zip | |
The hash length check wasn't strict enough,
as pointed out by Ernst G Giessmann
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/ecdsa/ecs_ossl.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 32d66a9774..f8b5d4ed6a 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -251,8 +251,16 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } - if (dgst_len > BN_num_bytes(order)) + if (8 * dgst_len > BN_num_bits(order)) { + /* XXX + * + * Should provide for optional hash truncation: + * Keep the BN_num_bits(order) leftmost bits of dgst + * (see March 2006 FIPS 186-3 draft, which has a few + * confusing errors in this part though) + */ + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; |