Here's another one. OpenSSLCryptoKeyRSA.cpp line 198: unsigned char sigVal[512];
I was using a 4096-bit RSA key and it was corrupting the stack during signature verification. I changed the buffer size to 1024 and it works now. EVP_DecodeUpdate still returns 512 bytes and EVP_DecodeFinal() returns 0, and probably 513 bytes would be enough, but I like even numbers. Anyhow, there's a problem there.

Vadim

On Sun, 28 Nov 2004 22:36:20 +1100, Berin Lautenbach <[EMAIL PROTECTED]> wrote:
> Michael,
>
> Thanks for that! I have just committed to CVS.
>
> Cheers,
> Berin
>
> Michael Braunoeder wrote:
> > Hi,
> >
> > I noticed some problems generating XML-signatures with certificates
> > which have a key longer than 1024 bits. DSIGSignature::sign produced a
> > signature without any errors, but when I tried to verify the signature I
> > got an "OpenSSL:RSA::verify() - Error decrypting signature" exception.
> >
> > The problem was the
> > char b64Buf[256];
> > in DSIGSignature::sign. This is too small for longer keys.
> > The attached patch changes the length to 1024. It works now for keys
> > with a key length of 2048 and 4096.
> >
> > kind regards,
> > Michael
> >
> >
> > ------------------------------------------------------------------------
> >
> > diff -r -u xml-security-c-1.1.0.orig/src/dsig/DSIGSignature.cpp > > xml-security-c-1.1.0/src/dsig/DSIGSignature.cpp > > --- xml-security-c-1.1.0.orig/src/dsig/DSIGSignature.cpp 2004-03-07 > > 04:20:51.000000000 +0100 > > +++ xml-security-c-1.1.0/src/dsig/DSIGSignature.cpp 2004-11-16 > > 12:07:08.000000000 +0100 > > @@ -1102,7 +1102,7 @@ > > > > // Now check the calculated hash > > > > - char b64Buf[256]; > > + char b64Buf[1024]; > > unsigned int b64Len; > > safeBuffer b64SB; > > > > @@ -1122,7 +1122,7 @@ > > hash, > > hashLen, > > (char *) b64Buf, > > - 256); > > + 1024); > > > > if (b64Len <= 0) { > > > > @@ -1152,7 +1152,7 @@ > > hash, > > hashLen, > > (char *) b64Buf, > > - 256); > > + 1024); > > > > if (b64Len <= 0) { 
> > > > @@ -1186,7 +1186,7 @@ > > hashLen, > > > > mp_signedInfo->getHMACOutputLength()); > > > > - strncpy(b64Buf, (char *) b64SB.rawBuffer(), 255); > > + strncpy(b64Buf, (char *) b64SB.rawBuffer(), 1024); > > break; > > > > default : >
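
Review bot: in the hunk at @@ -1102, the declaration "char b64Buf[1024];" swaps one hard-coded size for another, and the literal 1024 is then repeated by hand in the three later hunks. Define a named constant or pass sizeof(b64Buf) at the call sites so the declaration and the length arguments cannot drift apart, and add a comment saying which key length the size is meant to cover. A fixed stack buffer still puts an upper limit on the signature length, so a size derived from the key would be the more durable fix.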
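
Review bot: in the hunks at @@ -1122 and @@ -1152, the check "if (b64Len <= 0)" after the call can only ever catch zero, because b64Len is declared "unsigned int" in the first hunk. If the encoding call can report failure with a negative value, that value arrives here as a large positive length and passes the check. Since this patch is about the buffer being too small, make the failure path explicit: use a signed type for the return value or also reject any b64Len that is not smaller than the buffer size.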
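
Review bot: in the hunk at @@ -1186, the new call "strncpy(b64Buf, (char *) b64SB.rawBuffer(), 1024);" passes the full size of the 1024-byte buffer, where the old line passed 255 for a 256-byte buffer. strncpy does not write a terminating NUL when the source is at least as long as the count, so a source of 1024 or more characters leaves b64Buf unterminated. Pass sizeof(b64Buf) - 1 and set the last byte to '\0' explicitly after the copy.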
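
The buffer sizes discussed in this thread follow from the key length, which the sketch below works through; it is an added example, not code from xml-security-c or from either poster. The function names are hypothetical and the small decoder stands in for the OpenSSL EVP routines; it shows a decode that checks the caller's capacity before every store and fails instead of writing past the end.

```c
#include <stdio.h>

/* An RSA signature is as long as the modulus. */
static size_t rsa_sig_bytes(size_t key_bits) { return (key_bits + 7) / 8; }

/* Base64 characters for n raw bytes, padding included, line breaks excluded. */
static size_t b64_chars(size_t n) { return 4 * ((n + 2) / 3); }

static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 into out[0..cap), skipping whitespace. Returns the number of
 * bytes written, or -1 if the input is malformed or does not fit; capacity
 * is checked before every store. (Hypothetical helper, not an OpenSSL API.) */
static long b64_decode_bounded(const char *in, size_t in_len,
                               unsigned char *out, size_t cap) {
    unsigned long acc = 0;
    int bits = 0, v;
    size_t n = 0, i;
    for (i = 0; i < in_len && in[i] != '='; i++) {   /* '=' ends the data */
        unsigned char c = (unsigned char) in[i];
        if (c == ' ' || c == '\t' || c == '\r' || c == '\n') continue;
        if ((v = b64_val(c)) < 0) return -1;
        acc = (acc << 6) | (unsigned long) v;
        if ((bits += 6) >= 8) {
            bits -= 8;
            if (n >= cap) return -1;                 /* reject, never overflow */
            out[n++] = (unsigned char) ((acc >> bits) & 0xFF);
        }
    }
    return (long) n;
}

int main(void) {
    size_t bits[] = {1024, 2048, 4096}, i;           /* key sizes from the thread */
    for (i = 0; i < 3; i++)
        printf("%zu-bit key: %zu signature bytes, %zu base64 chars\n",
               bits[i], rsa_sig_bytes(bits[i]), b64_chars(rsa_sig_bytes(bits[i])));
    return 0;
}
```

A 1024-bit signature needs 172 base64 characters and fits in 256, while 2048-bit and 4096-bit signatures need 344 and 684 before any line breaks; a decoded 4096-bit signature is exactly 512 bytes, which fills sigVal[512] with no slack.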