I've been thinking about this and the other one. The buffers should never be hard coded as to length in any way. I was being lazy when I wrote these bits of code, and now it's burnt me.

I might just go into both files and base the buffer lengths on the length of the data being handled rather than pick some arbitrary length.

Thanks for picking these out.

Cheers,
        Berin


Vadim Ismailov wrote:

Here's another one. OpenSSLCryptoKeyRSA.cpp line 198:

unsigned char sigVal[512];

I was using 4096 bit RSA key and it was corrupting the stack during
signature verification. I changed buffer size to 1024 and it works
now. EVP_DecodeUpdate still returns 512 bytes and EVP_DecodeFinal()
returns 0 and probably 513 bytes would be enough, but I like even
numbers. Anyhow, there's a problem there.

Vadim

On Sun, 28 Nov 2004 22:36:20 +1100, Berin Lautenbach
<[EMAIL PROTECTED]> wrote:

Michael,

Thanks for that!  I have just committed to CVS.

Cheers,
      Berin

Michael Braunoeder wrote:

Hi,

I noticed some problems generating XML-signatures with certificates
which have a key longer than 1024 bits. DSIGSignature::sign produced a
signature without any errors, but when I tried to verify the signature I
got an "OpenSSL:RSA::verify() - Error decrypting signature" exception.

The problem was the
char b64Buf[256];
in DSIGSignature::sign. This is too small for longer keys.
The attached patch changes the length to 1024. It works now for keys
with a key length of 2048 and 4096.

kind regards,
Michael


------------------------------------------------------------------------

diff -r -u xml-security-c-1.1.0.orig/src/dsig/DSIGSignature.cpp 
xml-security-c-1.1.0/src/dsig/DSIGSignature.cpp
--- xml-security-c-1.1.0.orig/src/dsig/DSIGSignature.cpp      2004-03-07 
04:20:51.000000000 +0100
+++ xml-security-c-1.1.0/src/dsig/DSIGSignature.cpp   2004-11-16 
12:07:08.000000000 +0100
@@ -1102,7 +1102,7 @@

     // Now check the calculated hash

-     char b64Buf[256];
+     char b64Buf[1024];
     unsigned int b64Len;
     safeBuffer b64SB;

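Review bot: the new size at `char b64Buf[1024];` is still a fixed literal, so the failure reported for keys longer than 1024 bits only moves to larger keys. A 4096-bit RSA signature is 512 bytes and encodes to 684 base64 characters, which fits, but an 8192-bit key needs 1368 characters plus the terminator and does not. Consider sizing the buffer from the key or hash length at run time, or at least introducing one named constant so the declaration and the three later uses of 1024 cannot drift apart.
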
@@ -1122,7 +1122,7 @@
                     hash,
                     hashLen,
                     (char *) b64Buf,
-                     256);
+                     1024);

             if (b64Len <= 0) {

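Review bot: the length argument `1024);` repeats the array size as a second literal that has to be kept in step with the declaration by hand. Pass `sizeof(b64Buf)` instead so the call stays correct the next time the declaration changes.
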
@@ -1152,7 +1152,7 @@
                     hash,
                     hashLen,
                     (char *) b64Buf,
-                     256);
+                     1024);

             if (b64Len <= 0) {

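Review bot: `if (b64Len <= 0) {` after this call tests a variable declared as `unsigned int b64Len;`, so the comparison can only ever catch zero. If the signing call reports failure with a negative value, it will be read as a very large length. Compare against 0 explicitly or use a signed type that matches the call's return type, and use `sizeof(b64Buf)` for the length argument here as well.
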
@@ -1186,7 +1186,7 @@
                                                             hashLen,
                                                             
mp_signedInfo->getHMACOutputLength());

-             strncpy(b64Buf, (char *) b64SB.rawBuffer(), 255);
+             strncpy(b64Buf, (char *) b64SB.rawBuffer(), 1024);
             break;

default :
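
Review bot: `strncpy(b64Buf, (char *) b64SB.rawBuffer(), 1024);` passes the full array size, where the old line passed 255 for a 256-byte array. strncpy writes no terminator when the source is at least as long as the count, so a source of 1024 or more characters leaves b64Buf unterminated. Use `sizeof(b64Buf) - 1` as the count and set `b64Buf[sizeof(b64Buf) - 1] = '\0';` afterwards.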



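The buffer sizes discussed in this thread, worked through as an added example (not code from xml-security-c or from any poster): it derives buffer lengths from the key size instead of a literal. It assumes unbroken base64 with no line breaks and a decoder that emits three bytes per four-character group before trimming padding; the function names are hypothetical and the signature bytes are constructed filler.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// An RSA signature is as long as the key modulus.
size_t rsaSigBytes(size_t keyBits) { return (keyBits + 7) / 8; }

// Base64 characters for n raw bytes, without line breaks or the NUL.
size_t b64EncodedLen(size_t n) { return 4 * ((n + 2) / 3); }

// Bytes a decoder may write for `chars` characters when it emits three
// bytes per four-character group and trims '=' padding afterwards.
size_t b64DecodeBufLen(size_t chars) { return 3 * ((chars + 3) / 4); }

// Bounded encoder: returns characters written, or 0 when outLen cannot
// hold the text plus its NUL. Never writes past out[outLen - 1].
size_t b64Encode(const unsigned char *in, size_t n, char *out, size_t outLen) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    if (outLen < b64EncodedLen(n) + 1) return 0;
    size_t o = 0;
    for (size_t i = 0; i < n; i += 3) {
        unsigned v = (unsigned) in[i] << 16;
        if (i + 1 < n) v |= (unsigned) in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? tbl[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    return o;
}

// Encode a signature-sized block into a buffer sized from the data itself.
std::string encodeSized(size_t keyBits) {
    std::vector<unsigned char> sig(rsaSigBytes(keyBits), 0xA5); // constructed bytes
    std::vector<char> buf(b64EncodedLen(sig.size()) + 1);
    size_t len = b64Encode(sig.data(), sig.size(), buf.data(), buf.size());
    return std::string(buf.data(), len);
}

int main() {
    for (size_t bits : {1024u, 2048u, 4096u})
        std::printf("%zu-bit key: %zu base64 chars\n", bits, encodeSized(bits).size());
}
```

Under these assumptions a 2048-bit key yields 344 base64 characters, more than a 256-byte buffer holds, and the 684 characters of a 4096-bit signature need a 513-byte decode buffer.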