Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

digsig: add hash size comparision on signature verification

When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do
not match, hash comparision is not done and digsig_verify_rsa() returns
no error. This is a bug and this patch fixes it.

The bug was introduced in v3.3 by commit b35e286a640f ("lib/digsig:
pkcs_1_v1_5_decode_emsa cleanup").

Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Dmitry Kasatkin and committed by
Linus Torvalds
bc01637a 8507876a

+4 -2
+4 -2
lib/digsig.c
··· 163 163 memcpy(out1 + head, p, l); 164 164 165 165 err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); 166 + if (err) 167 + goto err; 166 168 167 - if (!err && len == hlen) 168 - err = memcmp(out2, h, hlen); 169 + if (len != hlen || memcmp(out2, h, hlen)) 170 + err = -EINVAL; 169 171 170 172 err: 171 173 mpi_free(in);