Hi all experts, are there any suggestions or comments on this patch to asymmetric keys?
Thanks a lot! Joey Lee 於 五,2013-07-12 於 11:11 +0800,Lee, Chun-Yi 提到: > From: Chun-Yi Lee <j...@suse.com> > > Per PKCS1 spec, the EMSA-PKCS1-v1_5 encoded message is leading by 0x00 0x01 in > its first 2 bytes. The leading zero byte is suppressed by MPI so we pass a > pointer to the _preceding_ byte to RSA_verify() in original code, but it has > risk for the byte is not zero because it's not in EM buffer's scope, neither > RSA_verify() nor mpi_get_buffer() didn't take care the leading byte. > > To avoid the risk, that's better we explicitly add the leading zero byte to EM > for pass to RSA_verify(). This patch allocate a _EM buffer to capture the > result from RSA_I2OSP(), then set the first byte to zero in EM and copy the > remaining bytes from _EM. > > Cc: Rusty Russell <ru...@rustcorp.com.au> > Cc: Josh Boyer <jwbo...@redhat.com> > Cc: Randy Dunlap <rdun...@xenotime.net> > Cc: Herbert Xu <herb...@gondor.apana.org.au> > Cc: "David S. Miller" <da...@davemloft.net> > Cc: David Howells <dhowe...@redhat.com> > Signed-off-by: Chun-Yi Lee <j...@suse.com> > --- > crypto/asymmetric_keys/rsa.c | 14 ++++++++++---- > 1 files changed, 10 insertions(+), 4 deletions(-) > > diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c > index ca1a4f3..7bc99d2 100644 > --- a/crypto/asymmetric_keys/rsa.c > +++ b/crypto/asymmetric_keys/rsa.c > @@ -303,6 +303,7 @@ static int RSA_verify_signature(const struct public_key > *key, > /* Variables as per RFC3447 sec 8.2.2 */ > const u8 *H = sig->digest; > u8 *EM = NULL; > + u8 *_EM = NULL; > MPI m = NULL; > size_t k; 
> > @@ -337,14 +338,19 @@ static int RSA_verify_signature(const struct public_key > *key, > /* (2c) Convert the message representative (m) to an encoded message > * (EM) of length k octets. > * > - * NOTE! The leading zero byte is suppressed by MPI, so we pass a > - * pointer to the _preceding_ byte to RSA_verify()! > + * NOTE! The leading zero byte is suppressed by MPI, so we add it > + * back to EM before input to RSA_verify()! > */ > - ret = RSA_I2OSP(m, k, &EM); > + ret = RSA_I2OSP(m, k, &_EM); > if (ret < 0) > goto error; > > - ret = RSA_verify(H, EM - 1, k, sig->digest_size, > + EM = kmalloc(k, GFP_KERNEL); > + memset(EM, 0, 1); > + memcpy(EM + 1, _EM, k-1); > + kfree(_EM); > + > + ret = RSA_verify(H, EM, k, sig->digest_size, > RSA_ASN1_templates[sig->pkey_hash_algo].data, > RSA_ASN1_templates[sig->pkey_hash_algo].size); > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
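Review bot: in the second hunk the result of `EM = kmalloc(k, GFP_KERNEL);` goes straight into memset() and memcpy() with no NULL check, so an allocation failure dereferences NULL inside a signature-verification path; add something like `if (!EM) { kfree(_EM); ret = -ENOMEM; goto error; }` directly after the kmalloc(). Two smaller points in the same hunk: `memset(EM, 0, 1);` reads more naturally as `EM[0] = 0;`, and `memcpy(EM + 1, _EM, k-1);` silently assumes that RSA_I2OSP(m, k, &_EM) hands back exactly k-1 octets, which nothing in this hunk checks and which the rewritten NOTE comment should say explicitly. The `_EM` name is also easy to misread next to `EM`; a name such as `EM_raw` would make the copy self-explanatory.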
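Added example, not code from the patch or from crypto/asymmetric_keys/rsa.c: a stand-alone C decoder for the EMSA-PKCS1-v1_5 encoding the patch is concerned with. It takes an MPI-style buffer with the leading zero already suppressed, puts the 0x00 back into a properly sized EM the way the patch does with its memcpy(EM + 1, _EM, k-1), and then checks the 0x00 0x01 PS 0x00 DigestInfo||H layout of RFC 3447 sec. 8.2.2 step 4. It also refuses a representative that converts to anything other than k-1 octets before reading a single byte, the situation the commit message describes as lying outside the EM buffer's scope with the old `EM - 1` pointer. The function names, the 1024-bit (k = 128) size and the digest bytes are invented for this demonstration; the SHA-256 DigestInfo prefix is the value given in RFC 3447 sec. 9.2.

```c
/* Added example, not the kernel's crypto/asymmetric_keys/rsa.c: EMSA-PKCS1-v1_5
 * decoding per RFC 3447 sec. 8.2.2 step 4, with the MPI-suppressed leading zero
 * restored explicitly.  Function names and the test vector are invented here. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t u8;

/* DigestInfo prefix for SHA-256 (RFC 3447 sec. 9.2, note 1). */
static const u8 sha256_prefix[] = {
	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
	0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
};

/* Rebuild the k-octet EM from an MPI-style buffer whose leading zero was
 * suppressed (what the patch does with kmalloc/memset/memcpy).  Anything but
 * exactly k-1 octets is rejected before any byte is read: shorter would mean
 * EM starts 0x00 0x00, longer is not an EM at all. */
static int em_from_stripped_mpi(const u8 *stripped, size_t n, size_t k, u8 *em)
{
	if (k == 0 || n != k - 1)
		return -EBADMSG;
	em[0] = 0x00;
	memcpy(em + 1, stripped, k - 1);
	return 0;
}

/* Check EM == 0x00 || 0x01 || PS || 0x00 || T, PS >= 8 octets of 0xff,
 * T == DigestInfo prefix || H.  Returns 0 if consistent, -EBADMSG if not. */
static int emsa_pkcs1_v15_check(const u8 *em, size_t k,
				const u8 *prefix, size_t prefix_len,
				const u8 *h, size_t h_len)
{
	size_t t_len = prefix_len + h_len, i;

	if (k < t_len + 11)                      /* RFC 3447 sec. 9.2 step 3 */
		return -EBADMSG;
	if (em[0] != 0x00 || em[1] != 0x01)
		return -EBADMSG;
	for (i = 2; i < k && em[i] == 0xff; i++) /* scan PS */
		;
	if (i < 10 || i >= k || em[i] != 0x00)   /* PS < 8 octets or no separator */
		return -EBADMSG;
	i++;
	if (k - i != t_len)                      /* T must fill the rest exactly */
		return -EBADMSG;
	if (memcmp(em + i, prefix, prefix_len) || memcmp(em + i + prefix_len, h, h_len))
		return -EBADMSG;
	return 0;
}

#define EM_LEN 128                               /* k for a 1024-bit modulus */
#define PREFIX_LEN sizeof(sha256_prefix)
#define H_LEN 32

/* Self-check: returns 0 when every case behaves as expected, else the step. */
static int demo(void)
{
	u8 h[H_LEN], em[EM_LEN], stripped[EM_LEN - 1], rebuilt[EM_LEN];
	size_t t_len = PREFIX_LEN + H_LEN, i;

	for (i = 0; i < H_LEN; i++)              /* constructed digest, not a real hash */
		h[i] = (u8)(0xa0 + i);
	em[0] = 0x00;                            /* encode per RFC 3447 sec. 9.2 */
	em[1] = 0x01;
	memset(em + 2, 0xff, EM_LEN - t_len - 3);
	em[EM_LEN - t_len - 1] = 0x00;
	memcpy(em + EM_LEN - t_len, sha256_prefix, PREFIX_LEN);
	memcpy(em + EM_LEN - H_LEN, h, H_LEN);
	memcpy(stripped, em + 1, EM_LEN - 1);    /* MPI output: leading zero gone */

	/* 1: restore the zero byte, then verify: must pass. */
	if (em_from_stripped_mpi(stripped, EM_LEN - 1, EM_LEN, rebuilt) ||
	    emsa_pkcs1_v15_check(rebuilt, EM_LEN, sha256_prefix, PREFIX_LEN, h, H_LEN))
		return 1;
	/* 2: a representative that converted to fewer than k-1 octets is refused. */
	if (em_from_stripped_mpi(stripped, EM_LEN - 2, EM_LEN, rebuilt) != -EBADMSG)
		return 2;
	/* 3: a single flipped PS byte must fail the check. */
	rebuilt[5] ^= 0x01;
	if (emsa_pkcs1_v15_check(rebuilt, EM_LEN, sha256_prefix, PREFIX_LEN, h, H_LEN) != -EBADMSG)
		return 3;
	return 0;
}

int main(void)
{
	int rc = demo();

	if (rc)
		printf("step %d failed\n", rc);
	else
		printf("all steps passed\n");
	return rc;
}
```

Build with any C compiler (cc -Wall pkcs1_em.c) and run it; demo() returns 0 when the restored EM verifies, a k-2 octet representative is refused up front, and a flipped PS byte fails. The length check in em_from_stripped_mpi() is the part the patch's memcpy(EM + 1, _EM, k-1) leaves implicit: it is what keeps the copy from reading past a buffer that came out shorter than expected.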