diff options
Diffstat (limited to 'lib/digsig.c')
-rw-r--r-- | lib/digsig.c | 41 |
1 files changed, 14 insertions, 27 deletions
diff --git a/lib/digsig.c b/lib/digsig.c index 8c0e62975c88..0103c5b9b802 100644 --- a/lib/digsig.c +++ b/lib/digsig.c | |||
@@ -30,11 +30,10 @@ | |||
30 | 30 | ||
31 | static struct crypto_shash *shash; | 31 | static struct crypto_shash *shash; |
32 | 32 | ||
33 | static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg, | 33 | static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg, |
34 | unsigned long msglen, | 34 | unsigned long msglen, |
35 | unsigned long modulus_bitlen, | 35 | unsigned long modulus_bitlen, |
36 | unsigned char *out, | 36 | unsigned long *outlen) |
37 | unsigned long *outlen) | ||
38 | { | 37 | { |
39 | unsigned long modulus_len, ps_len, i; | 38 | unsigned long modulus_len, ps_len, i; |
40 | 39 | ||
@@ -42,11 +41,11 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg, | |||
42 | 41 | ||
43 | /* test message size */ | 42 | /* test message size */ |
44 | if ((msglen > modulus_len) || (modulus_len < 11)) | 43 | if ((msglen > modulus_len) || (modulus_len < 11)) |
45 | return -EINVAL; | 44 | return NULL; |
46 | 45 | ||
47 | /* separate encoded message */ | 46 | /* separate encoded message */ |
48 | if ((msg[0] != 0x00) || (msg[1] != (unsigned char)1)) | 47 | if (msg[0] != 0x00 || msg[1] != 0x01) |
49 | return -EINVAL; | 48 | return NULL; |
50 | 49 | ||
51 | for (i = 2; i < modulus_len - 1; i++) | 50 | for (i = 2; i < modulus_len - 1; i++) |
52 | if (msg[i] != 0xFF) | 51 | if (msg[i] != 0xFF) |
@@ -56,19 +55,13 @@ static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg, | |||
56 | if (msg[i] != 0) | 55 | if (msg[i] != 0) |
57 | /* There was no octet with hexadecimal value 0x00 | 56 | /* There was no octet with hexadecimal value 0x00 |
58 | to separate ps from m. */ | 57 | to separate ps from m. */ |
59 | return -EINVAL; | 58 | return NULL; |
60 | 59 | ||
61 | ps_len = i - 2; | 60 | ps_len = i - 2; |
62 | 61 | ||
63 | if (*outlen < (msglen - (2 + ps_len + 1))) { | ||
64 | *outlen = msglen - (2 + ps_len + 1); | ||
65 | return -EOVERFLOW; | ||
66 | } | ||
67 | |||
68 | *outlen = (msglen - (2 + ps_len + 1)); | 62 | *outlen = (msglen - (2 + ps_len + 1)); |
69 | memcpy(out, &msg[2 + ps_len + 1], *outlen); | ||
70 | 63 | ||
71 | return 0; | 64 | return msg + 2 + ps_len + 1; |
72 | } | 65 | } |
73 | 66 | ||
74 | /* | 67 | /* |
@@ -83,7 +76,8 @@ static int digsig_verify_rsa(struct key *key, | |||
83 | unsigned long mlen, mblen; | 76 | unsigned long mlen, mblen; |
84 | unsigned nret, l; | 77 | unsigned nret, l; |
85 | int head, i; | 78 | int head, i; |
86 | unsigned char *out1 = NULL, *out2 = NULL; | 79 | unsigned char *out1 = NULL; |
80 | const char *m; | ||
87 | MPI in = NULL, res = NULL, pkey[2]; | 81 | MPI in = NULL, res = NULL, pkey[2]; |
88 | uint8_t *p, *datap, *endp; | 82 | uint8_t *p, *datap, *endp; |
89 | struct user_key_payload *ukp; | 83 | struct user_key_payload *ukp; |
@@ -120,7 +114,7 @@ static int digsig_verify_rsa(struct key *key, | |||
120 | } | 114 | } |
121 | 115 | ||
122 | mblen = mpi_get_nbits(pkey[0]); | 116 | mblen = mpi_get_nbits(pkey[0]); |
123 | mlen = (mblen + 7)/8; | 117 | mlen = DIV_ROUND_UP(mblen, 8); |
124 | 118 | ||
125 | if (mlen == 0) | 119 | if (mlen == 0) |
126 | goto err; | 120 | goto err; |
@@ -129,10 +123,6 @@ static int digsig_verify_rsa(struct key *key, | |||
129 | if (!out1) | 123 | if (!out1) |
130 | goto err; | 124 | goto err; |
131 | 125 | ||
132 | out2 = kzalloc(mlen, GFP_KERNEL); | ||
133 | if (!out2) | ||
134 | goto err; | ||
135 | |||
136 | nret = siglen; | 126 | nret = siglen; |
137 | in = mpi_read_from_buffer(sig, &nret); | 127 | in = mpi_read_from_buffer(sig, &nret); |
138 | if (!in) | 128 | if (!in) |
@@ -162,18 +152,15 @@ static int digsig_verify_rsa(struct key *key, | |||
162 | memset(out1, 0, head); | 152 | memset(out1, 0, head); |
163 | memcpy(out1 + head, p, l); | 153 | memcpy(out1 + head, p, l); |
164 | 154 | ||
165 | err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); | 155 | m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len); |
166 | if (err) | ||
167 | goto err; | ||
168 | 156 | ||
169 | if (len != hlen || memcmp(out2, h, hlen)) | 157 | if (!m || len != hlen || memcmp(m, h, hlen)) |
170 | err = -EINVAL; | 158 | err = -EINVAL; |
171 | 159 | ||
172 | err: | 160 | err: |
173 | mpi_free(in); | 161 | mpi_free(in); |
174 | mpi_free(res); | 162 | mpi_free(res); |
175 | kfree(out1); | 163 | kfree(out1); |
176 | kfree(out2); | ||
177 | while (--i >= 0) | 164 | while (--i >= 0) |
178 | mpi_free(pkey[i]); | 165 | mpi_free(pkey[i]); |
179 | err1: | 166 | err1: |