-  Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44)

diff --git a/ChangeLog b/ChangeLog
index 539256b..1397551 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,8 @@
      (Credits go to Marco Lizza)
    * Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory
      trade-off
+   * Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size
+     management (Closes ticket #44)
 
 Bugfix
    * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index 1e46d12..2b8e823 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -57,6 +57,16 @@
 #define POLARSSL_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
 
 /*
+ * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
+ * ( Default: 512 bytes => 4096 bits )
+ *
+ * Note: Calculations can results temporarily in larger MPIs. So the number
+ * of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher.
+ */
+#define POLARSSL_MPI_MAX_SIZE                              512      /**< Maximum number of bytes for usable MPIs. */
+#define POLARSSL_MPI_MAX_BITS                              ( 8 * POLARSSL_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
+
+/*
  * Define the base integer type, architecture-wise
  */
 #if defined(POLARSSL_HAVE_INT8)
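Review bot: The comment added above POLARSSL_MPI_MAX_SIZE does not say what else the value controls: in this same commit it sizes two on-stack buffers in library/bignum.c (`char s[ 2 * POLARSSL_MPI_MAX_SIZE + 10 ]` and `char s[ 2 * POLARSSL_MPI_MAX_SIZE + 2 ]`) and becomes the upper limit for prime generation and for the RSA key check. Anyone raising it should know that stack use grows with it, so I would add a line such as ` * Note: the file I/O buffers in bignum.c are stack arrays sized from this value.` The define is also unconditional; wrapping it in `#if !defined(POLARSSL_MPI_MAX_SIZE)` and `#endif` would let a build override it without editing the header. Wording: "can results temporarily" should read "can result temporarily", and POLARSSL_MPI_MAX_LIMBS is not defined in the visible lines, so its relation to the new macro cannot be checked here.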
@@ -572,7 +582,7 @@
  * \brief          Prime number generation
  *
  * \param X        Destination MPI
- * \param nbits    Required size of X in bits ( 3 <= nbits <= 4096 )
+ * \param nbits    Required size of X in bits ( 3 <= nbits <= POLARSSL_MPI_MAX_BITS )
  * \param dh_flag  If 1, then (X-1)/2 will be prime too
  * \param f_rng    RNG function
  * \param p_rng    RNG parameter
diff --git a/library/bignum.c b/library/bignum.c
index d4035b6..36e78e1 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -440,7 +440,10 @@
     t_uint d;
     size_t slen;
     char *p;
-    char s[1024];
+    /*
+     * Buffer should have space for (short) label and hexified MPI and '\0'
+     */
+    char s[ 2 * POLARSSL_MPI_MAX_SIZE + 10 ];
 
     memset( s, 0, sizeof( s ) );
     if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
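Review bot: An input line longer than the resized buffer is cut off by `fgets` with nothing in the visible lines to detect it, because only a NULL return is tested; a cut line would then be parsed as a different value instead of being rejected. A length check right after the read would close that, for example `if( strlen( s ) == sizeof( s ) - 2 ) return( POLARSSL_ERR_MPI_BUFFER_TOO_SMALL );`, which treats a completely filled buffer as too long. The function starts and continues outside the hunk, so such a check may already exist further down. The new comment could also state that the `+ 10` leaves room for a label of only a few characters.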
@@ -465,7 +468,10 @@
 {
     int ret;
     size_t n, slen, plen;
-    char s[2048];
+    /*
+     * Buffer should have space for minus sign, hexified MPI and '\0'
+     */
+    char s[ 2 * POLARSSL_MPI_MAX_SIZE + 2 ];
 
     n = sizeof( s );
     memset( s, 0, n );
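Review bot: The new size of `2 * POLARSSL_MPI_MAX_SIZE + 2` (1026 bytes by default) covers a hex representation only and is about half of the 2048 bytes it replaces. If this function takes a radix below 16 (its signature is outside the hunk), a 4096-bit value written in decimal needs about 1,234 digits, which fitted before and no longer does. Either size the buffer for the smallest radix the function accepts, or record the limit in the comment, e.g. `/* Sized for radix 16; smaller radices need more than 2 chars per byte */`. The read-side buffer in the previous hunk rests on the same hex-only assumption.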
@@ -1867,7 +1873,7 @@
     size_t k, n;
     mpi Y;
 
-    if( nbits < 3 || nbits > 4096 )
+    if( nbits < 3 || nbits > POLARSSL_MPI_MAX_BITS )
         return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
 
     mpi_init( &Y );
diff --git a/library/rsa.c b/library/rsa.c
index de8e765..8cadcad 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -142,7 +142,7 @@
         return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
 
     if( mpi_msb( &ctx->N ) < 128 ||
-        mpi_msb( &ctx->N ) > 4096 )
+        mpi_msb( &ctx->N ) > POLARSSL_MPI_MAX_BITS )
         return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
 
     if( mpi_msb( &ctx->E ) < 2 ||
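Review bot: The lower bound in this check is still the bare literal `128` while the upper bound now follows POLARSSL_MPI_MAX_BITS, so the two limits are set in different places. A 128-bit modulus offers no practical security, so the floor reads as a sanity check rather than a key-size policy; a short comment would make that explicit, for example `/* 128 bits is a sanity floor only, not a recommended minimum key size */`. The function begins and continues outside the hunk.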