[PATCH v2 1/1] digsig: add hash size comparision on signature verification

From: Dmitry Kasatkin
Date: Wed Sep 12 2012 - 06:27:10 EST


Commit b35e286a640f31d619a637332972498b51f3fd90 introduced the bug.

When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do not
match, hash comparision is not done and digsig_verify_rsa() returns no error.
This is a bug and this patch fixes it.

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx>
---
lib/digsig.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/digsig.c b/lib/digsig.c
index 286d558..8c0e629 100644
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -163,9 +163,11 @@ static int digsig_verify_rsa(struct key *key,
memcpy(out1 + head, p, l);

err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
+ if (err)
+ goto err;

- if (!err && len == hlen)
- err = memcmp(out2, h, hlen);
+ if (len != hlen || memcmp(out2, h, hlen))
+ err = -EINVAL;

err:
mpi_free(in);
--
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/