[openssl.org #770] Bug Report: bit/byte mismatch in ssl3_check_cert_and_algorithm

c zhang via RT Tue, 18 Nov 2003 00:38:30 -0800

OpenSSL 0.9.7c 30 Sep 2003
built on: Thu Nov 13 23:47:30 2003
platform: VC-NT
options:  bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) 
blowfish(idx)
compiler: cl  /MDd /W3 /WX /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WIN32 
-D_DEBUG
-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32 -DOPENSSL_SYSNAME_WINNT 
/Fd
out32dll -DOPENSSL_NO_KRB5
OPENSSLDIR: "/usr/local/ssl"


Problem discription:
In the function ssl3_check_cert_and_algorithm, line 1949-1950 in s3_clnt.c, 
the code
        if (rsa == NULL
            || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
has a type mismatch error: RSA_size is in byte while SSL_C_EXPORT_PKEYLENGTH 
is in bits.

Solution:
should change it to to
                       RSA_size(rsa) *8 > 
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)

Thanks,
Charles Zhang
[EMAIL PROTECTED]

_________________________________________________________________
Send a QuickGreet with MSN Messenger 
http://www.msnmessenger-download.com/tracking/cdp_games

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

[openssl.org #770] Bug Report: bit/byte mismatch in ssl3_check_cert_and_algorithm

Reply via email to