RSA_size() and DH_size() return the amount of bytes in a key, and we
authorRichard Levitte <levitte@openssl.org>
Fri, 28 Nov 2003 23:03:14 +0000 (23:03 +0000)
committerRichard Levitte <levitte@openssl.org>
Fri, 28 Nov 2003 23:03:14 +0000 (23:03 +0000)
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>

ssl/s3_clnt.c

index 6b29f04..96631db 100644 (file)
@@ -2354,7 +2354,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
                if (algs & SSL_kRSA)
                        {
                        if (rsa == NULL
-                           || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                           || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
                                goto f_err;
@@ -2366,7 +2366,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                            {
                            if (dh == NULL
-                               || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                               || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
                                goto f_err;