On 2/21/06, Alpt <[EMAIL PROTECTED]> wrote: > On Tue, Feb 21, 2006 at 01:49:25PM +0100, <Dr. Stephen Henson>: > ~> The way you are supposed to use this stuff is to first get the length, then > ~> allocate enough memory and finally write out the encoding. > ~> > ~> It isn't a good idea to make assumptions about the maximum size. It risks > ~> buffer overrun vulnerabilities. There have been actual cases of that > ~> happening. > > Ok, but I need to know its upper bound limit in order to reject bad headers > where the skey_len is > of the maximum allowed value. > What is it for a key of 1024 bits? > 700 bytes are sufficient?
My "best-practice" suggestion is to not constrain it, and try to handle it regardless, no matter what the size is said to be. I know people paranoid enough to use 4096-bit keys. (1981: "640k should be enough for anybody." -Bill Gates) Why constrain your users to arbitrary limits? > Does the pkey_len change too? > With a key of 1024 I've only got pkey of 140 bytes (packed). 1024 bits / 8 bits per byte = 128 bytes. Add a bit more for overhead, and 140 is a reasonable number. -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
