On Wed, Feb 22, 2006, Alpt wrote:

> On Tue, Feb 21, 2006 at 01:49:25PM +0100, <Dr. Stephen Henson>:
> ~> The way you are supposed to use this stuff is to first get the length, then
> ~> allocate enough memory and finally write out the encoding.
> ~> 
> ~> It isn't a good idea to make assumptions about the maximum size. It risks
> ~> buffer overrun vulnerabilities. There have been actual cases of that
> ~> happening.
> 
> Ok, but I need to know its upper bound limit in order to reject bad headers
> where the skey_len is > the maximum allowed value.
> What is it for a key of 1024 bits?
> 700 bytes are sufficient?
> 

If the key is generated by OpenSSL then it will never exceed a certain length.
If it comes from outside by including invalid data it can be any size at all.

If you want an idea of the maximum length here goes...

The version number is zero. It has a header of two bytes and one byte content.

The maximum value of the modulus and private exponent is 129 octets with a
three byte header.

The other 5 components can be 65 bytes with a two byte header.

The whole thing is surrounded by a 4 byte SEQUENCE header.

Adding those up or correcting any typos left as an exercise to the reader...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
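
The sum described in the message above, carried out in C as an added example (not code from the original post or from OpenSSL). It generalises to any modulus size and also counts the publicExponent field of the PKCS#1 RSAPrivateKey structure; the function names and the caller-chosen limit `e_bits` are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Size of a DER tag + length header in front of content_len content bytes. */
static size_t der_header_len(size_t content_len)
{
    size_t n = 2;                      /* tag + short-form length byte */
    if (content_len >= 128)            /* long form: one extra byte per length octet */
        for (; content_len; content_len >>= 8)
            n++;
    return n;
}

/* Worst-case DER INTEGER (header + content) for a non-negative value of at
 * most `bits` bits; a 0x00 pad byte is needed when the top bit would be set. */
static size_t der_uint_max(size_t bits)
{
    size_t content = bits / 8 + 1;
    return der_header_len(content) + content;
}

/* Upper bound for a DER RSAPrivateKey (PKCS#1, two primes).
 * Assumptions: primes and CRT values are at most half the modulus size,
 * and the caller decides how large a public exponent it will accept. */
static size_t rsa_priv_der_max(size_t mod_bits, size_t e_bits)
{
    size_t half = (mod_bits + 1) / 2;
    size_t body = der_uint_max(0)              /* version = 0 */
                + der_uint_max(mod_bits)       /* modulus */
                + der_uint_max(e_bits)         /* public exponent */
                + der_uint_max(mod_bits)       /* private exponent */
                + 5 * der_uint_max(half);      /* p, q, dP, dQ, qInv */
    return der_header_len(body) + body;        /* outer SEQUENCE */
}

/* Header check: reject a claimed key length before allocating or reading. */
static int skey_len_ok(size_t skey_len, size_t mod_bits, size_t e_bits)
{
    return skey_len > 0 && skey_len <= rsa_priv_der_max(mod_bits, e_bits);
}

int main(void)
{
    printf("1024-bit, e <= 17 bits:   %zu\n", rsa_priv_der_max(1024, 17));
    printf("1024-bit, e <= 1024 bits: %zu\n", rsa_priv_der_max(1024, 1024));
    printf("700 accepted (e <= 17 bits)? %d\n", skey_len_ok(700, 1024, 17));
    return 0;
}
```

The bound only serves to reject an oversized length field in a received header; when writing a key out, the encoder is still asked for the real length first, as the quoted advice says.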
