diff options
| -rw-r--r-- | crypto/rsa/rsa.c | 7 | ||||
| -rw-r--r-- | include/openssl/rsa.h | 2 |
2 files changed, 7 insertions, 2 deletions
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c index 2f23165c..63eb170c 100644 --- a/crypto/rsa/rsa.c +++ b/crypto/rsa/rsa.c @@ -56,6 +56,7 @@ #include <openssl/rsa.h> +#include <limits.h> #include <string.h> #include <openssl/bn.h> @@ -240,7 +241,7 @@ int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, padding); } -int RSA_private_decrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa, +int RSA_private_decrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa, int padding) { size_t out_len; @@ -248,6 +249,10 @@ int RSA_private_decrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa, return -1; } + if (out_len > INT_MAX) { + OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW); + return -1; + } return out_len; } diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 2be50dcb..e44e228e 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -164,7 +164,7 @@ OPENSSL_EXPORT int RSA_public_encrypt(int flen, const uint8_t *from, * * WARNING: this function is dangerous because it breaks the usual return value * convention. Use |RSA_decrypt| instead. */ -OPENSSL_EXPORT int RSA_private_decrypt(int flen, const uint8_t *from, +OPENSSL_EXPORT int RSA_private_decrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa, int padding); /* RSA_message_index_PKCS1_type_2 performs the first step of a PKCS #1 padding |