Thanks. That is very reassuring.
>
> Jeffrey Altman via RT wrote:
> > What is the appropriate size for 'buf' in DSA_size()?
> >
> > 4 bytes is certainly not correct.
>
> Hi Jeffry,
>
> I think it's correct :-)
>
> int DSA_size(const DSA *r)
> {
> int ret,i;
> ASN1_INTEGER bs;
> unsigned char buf[4];
>
> i=BN_num_bits(r->q);
> bs.length=(i+7)/8;
> OPENSSL_assert(bs.length <= sizeof buf);
>
> I think this assertion wrong. Normally we have 2^159 < q < 2^160
> (see FIPS 186-2) => i == 160 => bs.length == 20 > 4
>
> bs.data=buf;
> bs.type=V_ASN1_INTEGER;
> /* If the top bit is set the asn1 encoding is 1 larger. */
> buf[0]=0xff;
> i=i2d_ASN1_INTEGER(&bs,NULL);
> i+=i; /* r and s */
> ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
> return(ret);
> }
>
> i2d_ASN1_INTEGER() calls i2c_ASN1_INTEGER() (a_int.c) and
> in i2c_ASN1_INTEGER() we have:
>
> int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
> // NOTE: pp == NULL
> {
> int pad=0,ret,i,neg;
> unsigned char *p,*n,pb=0;
>
> if ((a == NULL) || (a->data == NULL)) return(0);
> neg=a->type & V_ASN1_NEG;
> if (a->length == 0)
> ret=1;
> else
> {
> ret=a->length;
> i=a->data[0];
> // NOTE: a->data[0] == 0xff == 255
> if (!neg && (i > 127)) {
> pad=1;
> pb=0;
> } else if(neg) {
> if(i>128) {
> pad=1;
> pb=0xFF;
> } else if(i == 128) {
> ...
> }
> }
> ret+=pad;
> }
> if (pp == NULL) return(ret);
> ...
>
> hence only the first byte of 'buf' is used.
>
> Regards,
> Nils
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
