[gnutls-dev] [PATCH] another large RSA modulus problem

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnutls-dev] [PATCH] another large RSA modulus problem

From:	Ian Peters
Subject:	[gnutls-dev] [PATCH] another large RSA modulus problem
Date:	Tue Apr 1 00:28:01 2003

The same Thawte certificate as last time (with a 2048 byte signature
length) triggers a new problem in lib/x509/x509.c.  Patch bumps length
from 640 to 2400.  Should this just be MAX_PARAMETER_SIZE instead?

Also, any particular reason you're overestimating sizes like this?  In
most of these cases you can assume powers of two, so, why e.g. 640
instead of 512, etc?

Ian

diff -Nru -x '*~' -x '*.o' -x '*.orig' -x '*.rej' 
gnutls-0.9.4.orig/lib/x509/x509.c gnutls-0.9.4/lib/x509/x509.c
--- gnutls-0.9.4.orig/lib/x509/x509.c   2003-03-28 07:29:12.000000000 -0500
+++ gnutls-0.9.4/lib/x509/x509.c        2003-03-31 17:15:01.000000000 -0500
@@ -207,7 +207,7 @@
        
        /* Read the signature */
        {
-               opaque signature[640];
+               opaque signature[2400];
                int len;
                
                /* read the bit string of the signature

[Prev in Thread]

Current Thread

[Next in Thread]

[gnutls-dev] [PATCH] another large RSA modulus problem, Ian Peters <=
- Re: [gnutls-dev] [PATCH] another large RSA modulus problem, Nikos Mavroyanopoulos, 2003/03/31

Prev by Date: [gnutls-dev] [PATCH] compile error in libextra
Next by Date: Re: [gnutls-dev] [PATCH] another large RSA modulus problem
Previous by thread: [gnutls-dev] [PATCH] compile error in libextra
Next by thread: Re: [gnutls-dev] [PATCH] another large RSA modulus problem
Index(es):
- Date
- Thread