diff options
| author | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2012-09-12 06:26:55 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-09-12 21:13:02 -0400 |
| commit | bc01637a80f5b670bd70a0279d3f93fa8de1c96d (patch) | |
| tree | 55913071b502e2adc7a2dd4daf3b5b92c5e06b65 | |
| parent | 8507876aaada8a2cf68ebccdf1d056465dd1fc11 (diff) | |
digsig: add hash size comparision on signature verification
When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do
not match, hash comparision is not done and digsig_verify_rsa() returns
no error. This is a bug and this patch fixes it.
The bug was introduced in v3.3 by commit b35e286a640f ("lib/digsig:
pkcs_1_v1_5_decode_emsa cleanup").
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | lib/digsig.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/digsig.c b/lib/digsig.c index 286d558033e2..8c0e62975c88 100644 --- a/lib/digsig.c +++ b/lib/digsig.c | |||
| @@ -163,9 +163,11 @@ static int digsig_verify_rsa(struct key *key, | |||
| 163 | memcpy(out1 + head, p, l); | 163 | memcpy(out1 + head, p, l); |
| 164 | 164 | ||
| 165 | err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); | 165 | err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); |
| 166 | if (err) | ||
| 167 | goto err; | ||
| 166 | 168 | ||
| 167 | if (!err && len == hlen) | 169 | if (len != hlen || memcmp(out2, h, hlen)) |
| 168 | err = memcmp(out2, h, hlen); | 170 | err = -EINVAL; |
| 169 | 171 | ||
| 170 | err: | 172 | err: |
| 171 | mpi_free(in); | 173 | mpi_free(in); |