Skip to content

Commit

Permalink
digsig: add hash size comparision on signature verification
Browse files Browse the repository at this point in the history 
When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do
not match, hash comparision is not done and digsig_verify_rsa() returns
no error.  This is a bug and this patch fixes it.

The bug was introduced in v3.3 by commit b35e286 ("lib/digsig:
pkcs_1_v1_5_decode_emsa cleanup").

Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Dmitry Kasatkin authored and Linus Torvalds committed Sep 13, 2012
1 parent 8507876 commit bc01637
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions lib/digsig.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,9 +163,11 @@ static int digsig_verify_rsa(struct key *key,
memcpy(out1 + head, p, l);

err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
if (err)
goto err;

if (!err && len == hlen)
err = memcmp(out2, h, hlen);
if (len != hlen || memcmp(out2, h, hlen))
err = -EINVAL;

err:
mpi_free(in);
Expand Down

0 comments on commit bc01637

Please sign in to comment.