From 2dd5efd96972c7ed0167907664130814ca9258b3 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 16 Mar 2016 15:25:52 -0600
Subject: [PATCH] sanity check for RSA key size and hash digest size

---
 wolfcrypt/src/rsa.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 12c444fed..c1cd2f7a7 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -427,10 +427,19 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
        size aproaches 0. In decryption if k is less than or equal -- then there
        is no possible room for msg.
        k = RSA key size
-       hLen = hash digest size
+       hLen = hash digest size -- will always be >= 0 at this point
      */
-    if ((int)inputLen > ((int)pkcsBlockLen - 2 * hLen - 2)) {
-        WOLFSSL_MSG("OAEP pad error, message too long or hash to big for RSA key size");
+    if ((word32)(2 * hLen + 2) > pkcsBlockLen) {
+        WOLFSSL_MSG("OAEP pad error hash to big for RSA key size");
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(seed,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
+        return BAD_FUNC_ARG;
+    }
+
+    if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) {
+        WOLFSSL_MSG("OAEP pad error message too long");
         #ifdef WOLFSSL_SMALL_STACK
             XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(seed,  NULL, DYNAMIC_TYPE_TMP_BUFFER);