Add and use PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN.

`PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN` is measured in bytes, whereas `PUBLIC_MODULUS_MAX_LEN` was measured in bits.
2016-11-14 13:15:49 -10:00 · 2016-11-14 13:15:49 -10:00 · 5fb1fc8a5e
commit 5fb1fc8a5e
parent be08baa959
3 changed files with 9 additions and 7 deletions
--- a/src/rsa/padding.rs
+++ b/src/rsa/padding.rs
@ -13,6 +13,7 @@
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 use {bits, der, digest, error, polyfill};
+use super::PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN;
 use untrusted;

 #[cfg(feature = "rsa_signing")]
@ -289,7 +290,7 @@ impl Verification for PSS {
        }

        // Step 7.
-        let mut db = [0u8; super::PUBLIC_MODULUS_MAX_LEN / 8];
+        let mut db = [0u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN];
        let db = &mut db[..metrics.db_len];

        try!(mgf1(self.digest_alg, h_hash.as_slice_less_safe(), db));
--- a/src/rsa/rsa.rs
+++ b/src/rsa/rsa.rs
@ -24,8 +24,8 @@ pub use self::padding::{RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512,
                        RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512};


-// Maximum RSA modulus size supported for signature verification (in bits).
-const PUBLIC_MODULUS_MAX_LEN: usize = 8192;
+// Maximum RSA modulus size supported for signature verification (in bytes).
+const PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN: usize = 8192 / 8;

 /// Parameters for RSA verification.
 pub struct RSAParameters {
--- a/src/rsa/verification.rs
+++ b/src/rsa/verification.rs
@ -15,8 +15,8 @@
 /// RSA PKCS#1 1.5 signatures.

 use {bssl, c, error, private, signature};
-use super::{BIGNUM, PositiveInteger, PUBLIC_MODULUS_MAX_LEN, RSAParameters,
-            parse_public_key};
+use super::{BIGNUM, PositiveInteger, PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN,
+            RSAParameters, parse_public_key};
 use untrusted;


@ -110,7 +110,7 @@ pub fn verify_rsa(params: &RSAParameters,
                  msg: untrusted::Input, signature: untrusted::Input)
                  -> Result<(), error::Unspecified> {
    let signature = signature.as_slice_less_safe();
-    let mut decoded = [0u8; (PUBLIC_MODULUS_MAX_LEN + 7) / 8];
+    let mut decoded = [0u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN];
    if signature.len() > decoded.len() {
        return Err(error::Unspecified);
    }
@ -121,7 +121,8 @@ pub fn verify_rsa(params: &RSAParameters,
    try!(bssl::map_result(unsafe {
        GFp_rsa_public_decrypt(decoded.as_mut_ptr(), decoded.len(), n.as_ref(),
                               e.as_ref(), signature.as_ptr(), signature.len(),
-                               params.min_bits, PUBLIC_MODULUS_MAX_LEN)
+                               params.min_bits,
+                               PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN * 8)
    }));

    untrusted::Input::from(decoded).read_all(