author | David Benjamin <davidben@chromium.org> | 2015-09-19 20:35:39 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-09-24 02:55:18 +0300 |
commit | 79c59a30b5e7dd7d093e9d3c759848792211f8ee (patch) | |
tree | 3abdeea0d41cc865c309c598ce5a5129a76261ce /crypto | |
parent | d98dc1311e20193ac188e359e91aeaaf5cc3a7e2 (diff) |
size_t RSA_private_decrypt's input.
Change-Id: If05761052e235b38d9798b2fe4d8ba44293af891
Reviewed-on: https://boringssl-review.googlesource.com/5944
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/rsa/rsa.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index 2f23165c..63eb170c 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -56,6 +56,7 @@
 #include <openssl/rsa.h>
+#include <limits.h>
 #include <string.h>
 #include <openssl/bn.h>
@@ -240,7 +241,7 @@ int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
 padding);
 }
-int RSA_private_decrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa,
+int RSA_private_decrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
 int padding) {
 size_t out_len;
@@ -248,6 +249,10 @@ int RSA_private_decrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa,
 return -1;
 }
+ if (out_len > INT_MAX) {
+ OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
+ return -1;
+ }
 return out_len;
 } |
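Review bot: The definition of `RSA_private_decrypt` now takes `size_t flen`, but the matching prototype is not visible here because the diffstat is limited to crypto/; confirm the public header changes in the same commit so declaration and definition agree. Callers that still hold the length in an `int` will convert implicitly at the call site, so a negative value silently becomes a very large `size_t`. A short doc comment on the declaration, such as `/* |flen| is the ciphertext length in bytes; the return value is the plaintext length, or -1 on error. */`, would make the contract explicit. The function body continues outside this hunk.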
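Review bot: The narrowing on `return out_len;` is still implicit after the new bound check. Writing `return (int)out_len;` puts the size_t-to-int conversion next to the guard that justifies it and keeps `-Wconversion` / `-Wshorten-64-to-32` builds quiet. A one-line comment above the check would record why it exists, for example `/* The return type is int and -1 signals failure, so a length above INT_MAX is rejected rather than truncated. */`. The check also appears to run after the decrypt call has written into `to` (that call is outside this hunk), so on this error path the buffer may already hold output; worth a sentence in the function's documentation if that is the case.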