diff options
Diffstat (limited to 'scd/app-openpgp.c')
| -rw-r--r-- | scd/app-openpgp.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 439052f8c..d4439e7c3 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -5445,9 +5445,15 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, goto indata_ready; } - if (app->app_local->keyattr[2].key_type == KEY_TYPE_RSA - && indatalen > 101) /* For a 2048 bit key. */ - return gpg_error (GPG_ERR_INV_VALUE); + if (app->app_local->keyattr[2].key_type == KEY_TYPE_RSA) + { + int size_40percent = (app->app_local->keyattr[2].rsa.n_bits+7)/8 * 4; + + /* OpenPGP card does PKCS#1 for RSA, data should not be larger + than 40% of the modulus length. */ + if (indatalen * 10 > size_40percent) + return gpg_error (GPG_ERR_INV_VALUE); + } if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC) { |