Attachment 571759 Details for Bug 804345 – Proposed patch

[patch] Proposed patch

fix-sig.patch (text/plain), 1.23 KB, created by Milan Broz on 2012-03-21 16:12:21 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Milan Broz

Created: 2012-03-21 16:12:21 UTC

Size: 1.23 KB

patch

obsolete

>Fix signature verification for shorter signatures
>
>gpg can produce signature file where length of signature
>is lower than modulus size (this regularly happens
>for several modules durigng build).
>
>Fix it by relaxing check in RSA verification code.
>
>Thanks to Tomas Mraz and Miloslav Trmac for help.
>
>Signed-off-by: Milan Broz <mbroz@redhat.com>
>--- a/security/keys/crypto_rsa.c
>+++ a/security/keys/crypto_rsa.c
>@@ -219,15 +219,24 @@
> 	kenter("");
> 
> 	/* (1) Check the signature size against the public key modulus size */
>-	k = (mpi_get_nbits(key->rsa.n) + 7) / 8;
>+	k = mpi_get_nbits(key->rsa.n);
>+	tsize = mpi_get_nbits(sig->rsa.s);
> 
>-	tsize = (mpi_get_nbits(sig->rsa.s) + 7) / 8;
>+	/* According to RFC 4880 sec 3.2, length of MPI is computed starting
>+	 * from most significant bit.
>+	 * So the RFC 3447 sec 8.2.2 size check must be relaxed to conform
>+	 * with shorter signatures.
>+	 * Fail here only if signature length is longer than modulus size.
>+	 */
> 	pr_devel("step 1: k=%zu size(S)=%zu\n", k, tsize);
>-	if (tsize != k) {
>+	if (k < tsize) {
> 		ret = -EBADMSG;
> 		goto error;
> 	}
> 
>+	/* Round up to octets */
>+	k = (k + 7) / 8;
>+
> 	/* (2b) Apply the RSAVP1 verification primitive to the public key */
> 	ret = RSAVP1(key, sig->rsa.s, &m);
> 	if (ret < 0)

Actions: View | Diff

Attachments on bug 804345: 571759