From 8d56a4bff5448ae38f233c2bc189cb3755fbb2c8 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Fri, 12 Dec 2014 14:02:47 +0900
Subject: [PATCH] Change required by RSA-4096 support
---
 ChangeLog | 10 ++++++++++
 polarssl/library/bignum.c | 3 ++-
 polarssl/library/rsa.c | 4 ++--
 src/gnuk.h | 8 ++++----
 4 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 250441e..5d5371c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2014-12-03 NIIBE Yutaka
+
+ Changes for RSA-4096.
+
+ * src/gnuk.h (MAX_CMD_APDU_DATA_SIZE, MAX_RES_APDU_DATA_SIZE):
+ Send/Recv buffer should be bigger.
+ * polarssl/library/bignum.c (mpi_exp_mod): Don't consume much.
+ * polarssl/library/rsa.c (rsa_rsaes_pkcs1_v15_decrypt): buffer
+ allocation size should be variable.
+
 2014-12-01 Niibe Yutaka

 * src/Makefile.in (DEFS): Don't define compile time preference of
diff --git a/polarssl/library/bignum.c b/polarssl/library/bignum.c
index 32649e9..1b4a5bc 100644
--- a/polarssl/library/bignum.c
+++ b/polarssl/library/bignum.c
@@ -1545,7 +1545,8 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
 {
 int ret;
 size_t i = mpi_msb( E );
- size_t wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
+ size_t wsize = ( i > 1024 ) ? 4 : /* Because of not enough memory. */
+ ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
 ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1;
 size_t wbits, one = 1;
 size_t nblimbs;
diff --git a/polarssl/library/rsa.c b/polarssl/library/rsa.c
index 901e32b..4885e9e 100644
--- a/polarssl/library/rsa.c
+++ b/polarssl/library/rsa.c
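Review bot: In polarssl/library/bignum.c, the new `( i > 1024 ) ? 4` cap in mpi_exp_mod keys on the bit length of the exponent E, while the memory it is meant to save is presumably the precomputed window table, whose entries would be sized by the modulus N rather than by E (the table allocation is outside this hunk, so confirm). If that is right, an exponent of 672 to 1024 bits used with a large modulus would still select a window of 6 and hit the same RAM limit. The comment `/* Because of not enough memory. */` should name the constraint and say that the non-monotonic chain is deliberate, for example `/* Cap the window at 4 for exponents over 1024 bits: the window table does not fit in device RAM for RSA-4096. */`. The body of mpi_exp_mod continues past the end of the hunk.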
@@ -671,14 +671,14 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
 size_t ilen, pad_count = 0;
 unsigned char *p, *q;
 unsigned char bt;
- unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+ unsigned char buf[ctx->len];

 if( ctx->padding != RSA_PKCS_V15 )
 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );

 ilen = ctx->len;

- if( ilen < 16 || ilen > sizeof( buf ) )
+ if( ilen < 16)
 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );

 ret = ( mode == RSA_PUBLIC )
diff --git a/src/gnuk.h b/src/gnuk.h
index 67c1ab4..88b526b 100644
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -36,10 +36,10 @@ void ccid_card_change_signal (int how);
 #define EV_VERIFY_CMD_AVAILABLE (8)
 #define EV_MODIFY_CMD_AVAILABLE (16)

-/* Maximum cmd apdu data is key import 22+4+128+128 (proc_key_import) */
-#define MAX_CMD_APDU_DATA_SIZE (22+4+128+128) /* without header */
-/* Maximum res apdu data is public key 5+9+256 (gpg_do_public_key) */
-#define MAX_RES_APDU_DATA_SIZE (5+9+256) /* without trailer */
+/* Maximum cmd apdu data is key import 24+4+256+256 (proc_key_import) */
+#define MAX_CMD_APDU_DATA_SIZE (24+4+256+256) /* without header */
+/* Maximum res apdu data is public key 5+9+512 (gpg_do_public_key) */
+#define MAX_RES_APDU_DATA_SIZE (5+9+512) /* without trailer */

 #define ICC_MSG_HEADER_SIZE 10
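Review bot: In polarssl/library/rsa.c, rsa_rsaes_pkcs1_v15_decrypt now declares `unsigned char buf[ctx->len];` before any check on ctx->len, and the old upper bound `ilen > sizeof( buf )` is dropped, so the stack allocation is unbounded and a ctx->len of 0 creates a zero-length variable-length array, which is undefined behaviour in C. On a target with a small stack, an oversized or uninitialised key context would then overrun the stack instead of returning POLARSSL_ERR_RSA_BAD_INPUT_DATA. Validating before the allocation keeps the function failing closed: put `if( ctx->len < 16 || ctx->len > POLARSSL_MPI_MAX_SIZE ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );` ahead of the `buf` declaration, provided POLARSSL_MPI_MAX_SIZE covers 512 bytes in this build, or keep a fixed buffer sized for the largest supported key. The function starts and ends outside the hunk, so any later use of `sizeof( buf )` and whether the decrypted contents of `buf` are wiped before return should be checked there.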