I was just browsing the TomCrypt documentation[1], and I noticed the
function `rsa_sign_saltlen_get_max`, documented as
"""
As stated in the PKCS#1 RFC3447 "Typical salt lengths in octets are hLen
(the length of the output of the hash function Hash) and 0". This
function is provided to be able to use other lengths as well and to make
sure at runtime that the RSA key can handle the desired salt length.
"""
However, in the Firebird code, the following check is made instead:
```
SLONG saltLength = 8;
if (dscHasData(dscs[RSA_SIGN_ARG_SALTLEN]))
{
	saltLength = MOV_get_long(tdbb, dscs[RSA_SIGN_ARG_SALTLEN], 0);
	if (saltLength < 0 || saltLength > 32)
		status_exception::raise(Arg::Gds(isc_arith_except) <<
			Arg::Gds(isc_numeric_out_of_range));
}
```
Shouldn't this use `rsa_sign_saltlen_get_max` instead?
[1]: https://github.com/libtom/libtomcrypt/releases/download/v1.18.2/crypt-1.18.2.pdf
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
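
Added example, not part of the original message and not Firebird or libtomcrypt code: it compares the fixed 0..32 range from the quoted snippet with the key-dependent bound from RFC 3447 section 9.1.1, where EMSA-PSS encoding fails if emLen < hLen + sLen + 2. The function names and the sample key sizes are assumptions made for illustration.

```c
#include <stdio.h>

/* Largest PSS salt length in octets for an RSA modulus of mod_bits bits and
 * a hash with h_len output octets. RFC 3447 section 9.1.1 fails encoding when
 * emLen < hLen + sLen + 2, where emLen = ceil((modBits - 1) / 8).
 * A negative result means the key is too small for this hash at all. */
long pss_max_salt_len(long mod_bits, long h_len)
{
    long em_len = (mod_bits - 1 + 7) / 8;
    return em_len - h_len - 2;
}

/* The fixed range from the quoted snippet: ignores key size and hash. */
int fixed_range_accepts(long salt_len)
{
    return salt_len >= 0 && salt_len <= 32;
}

/* Key-dependent range (hypothetical helper, not a Firebird function). */
int key_bound_accepts(long salt_len, long mod_bits, long h_len)
{
    return salt_len >= 0 && salt_len <= pss_max_salt_len(mod_bits, h_len);
}

int main(void)
{
    /* Constructed sample inputs: modulus bits, hash octets, requested salt. */
    static const long cases[][3] = {
        {2048, 32,  8},  /* the snippet's default salt length */
        {2048, 64, 64},  /* salt = hLen for SHA-512 */
        { 512, 32, 32},  /* salt = hLen for SHA-256 on a very small key */
        { 512, 64,  0},  /* key too small for SHA-512 even with no salt */
    };
    size_t i;

    printf("modBits hLen sLen max fixed keybound\n");
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        long bits = cases[i][0], h = cases[i][1], s = cases[i][2];
        printf("%7ld %4ld %4ld %3ld %5d %8d\n", bits, h, s,
               pss_max_salt_len(bits, h), fixed_range_accepts(s),
               key_bound_accepts(s, bits, h));
    }
    return 0;
}
```

The second and third rows are where the two checks disagree: the fixed range rejects a salt of hLen for SHA-512 on a 2048-bit key, and accepts a 32-octet salt that a 512-bit key with SHA-256 cannot encode.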