Topic: How long is needed as output buffer size used in wc_RsaSSL_Verify()?

I used the wc_RsaSSL_Verify function to verify with an RSA key (the signature's size is 256 bytes).

word32 output_len =  1073741824; // 2^30
unsigned char *output = (unsigned char *)malloc(output_len);
memset(output, 0, sizeof(output_len));
ret = wc_RsaSSL_Verify( signature,  sizeof(signature), output, output_len, &RSAkey );

I had increased the output buffer's size up to 2^29 (536870912), but the function returned -131.
-131 is RSA_BUFFER_E, which means the output is too small.

So I set the output buffer size to 2^30, and then the process was killed by SIGSEGV in a system library.
Process 2093085 (temp) terminated SIGSEGV code=1 fltno=11 ip=0000000100076184(/usr/lib/ldqnx-64.so.2@__memset_isr+0x0000000000000064) mapaddr=0000000000076184. ref=0000000000000000

I think 2^29 is large enough. How long is needed? Are there any precautions for using wc_RsaSSL_Verify()?


Re: How long is needed as output buffer size used in wc_RsaSSL_Verify()?

Hi dragem,

The RSA_BUFFER_E description is: RSA buffer error, output too small OR input too large!

The signature is hashed to a fixed length using one of the hashing algorithms. If you are using SHA-256 for example you would want to set output_len to 256.

We have done this intentionally (forced the user to use the exact length) to prevent buffer overflows or underflows.


Warmest Regards,

Kaleb
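
Added example (not part of the original posts and not wolfSSL's code): assuming PKCS#1 v1.5 signature padding, this self-contained sketch strips the padding from a constructed 256-byte block to show that the recovered payload can never exceed the key size minus 11 bytes, so a key-sized (256-byte) output buffer is always sufficient. The names unpad_type1, demo, KEY_BYTES and the error codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define KEY_BYTES     256   /* RSA-2048 modulus size, same as the 256-byte signature */
#define MIN_PAD       11    /* 00 01, at least eight FF bytes, 00 */
#define ERR_FORMAT    (-1)  /* hypothetical error codes, not wolfSSL's */
#define ERR_TOO_SMALL (-2)

/* Strip PKCS#1 v1.5 type-1 padding: 00 01 FF..FF 00 payload.
 * Returns the payload length, or a negative error code. */
static int unpad_type1(const unsigned char *em, size_t em_len,
                       unsigned char *out, size_t out_len)
{
    size_t i = 2;
    if (em_len < MIN_PAD || em[0] != 0x00 || em[1] != 0x01)
        return ERR_FORMAT;
    while (i < em_len && em[i] == 0xFF)
        i++;
    if (i < 10 || i == em_len || em[i] != 0x00)  /* >= 8 FF bytes, then separator */
        return ERR_FORMAT;
    i++;
    if (em_len - i > out_len)                    /* caller's buffer cannot hold payload */
        return ERR_TOO_SMALL;
    memcpy(out, em + i, em_len - i);
    return (int)(em_len - i);
}

/* Constructed sample: a padded block carrying payload_len bytes of 0xAB. */
static int demo(size_t payload_len, size_t out_len)
{
    unsigned char em[KEY_BYTES], out[KEY_BYTES];
    if (payload_len > KEY_BYTES - MIN_PAD || out_len > sizeof(out))
        return ERR_FORMAT;
    memset(em, 0xFF, sizeof(em));
    em[0] = 0x00; em[1] = 0x01;
    em[KEY_BYTES - payload_len - 1] = 0x00;
    memset(em + KEY_BYTES - payload_len, 0xAB, payload_len);
    memset(out, 0, sizeof(out));  /* clears the whole buffer, not sizeof a length variable */
    return unpad_type1(em, sizeof(em), out, out_len);
}

int main(void)
{
    printf("32-byte digest, 256-byte buffer: %d\n", demo(32, KEY_BYTES));
    printf("largest payload (245 bytes):     %d\n", demo(KEY_BYTES - MIN_PAD, KEY_BYTES));
    return 0;
}
```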