Skip to content
Snippets Groups Projects
Commit 5e00481b authored by  's avatar   Committed by Herbert Xu
Browse files

crypto: rsassa-pkcs1 - Harden digest length verification 


The RSASSA-PKCS1-v1_5 sign operation currently only checks that the
digest length is less than "key_size - hash_prefix->size - 11".
The verify operation merely checks that it's more than zero.

Actually the precise digest length is known because the hash algorithm
is specified upon instance creation and the digest length is encoded
into the final byte of the hash algorithm's Full Hash Prefix.

So check for the exact digest length rather than solely relying on
imprecise maximum/minimum checks.

Keep the maximum length check for the sign operation as a safety net,
but drop the now unnecessary minimum check for the verify operation.

Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 1e562dea
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 19 additions and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment