diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2009-04-16 11:08:25 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2009-04-16 11:08:25 +0300 |
commit | 8d0f65f7f7c46c375c886534429fe1601b7aa746 (patch) | |
tree | ddc6d5e80ee5dac41f5b7237d642f66a68884236 | |
parent | aa008a28e99fbd979657f49984b9798dfcd0b3da (diff) | |
download | rpm-8d0f65f7f7c46c375c886534429fe1601b7aa746.tar.gz rpm-8d0f65f7f7c46c375c886534429fe1601b7aa746.tar.bz2 rpm-8d0f65f7f7c46c375c886534429fe1601b7aa746.zip |
Pad RSA signatures up to modulus size if necessary (rhbz#494049)
- unfortunately can't be detected at initial allocation so extra
copy is needed at verification time
- this is commit 4c39a9df93c962c69e23ff48789cb950a105a44b backported
-rw-r--r-- | lib/signature.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/lib/signature.c b/lib/signature.c index 9ca8da5d1..a501f3ee2 100644 --- a/lib/signature.c +++ b/lib/signature.c @@ -1222,10 +1222,29 @@ verifyRSASignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, char ** msg, if (res != RPMRC_OK) goto exit; - if (VFY_VerifyDigest(&digest, dig->rsa, dig->rsasig, sigalg, NULL) == SECSuccess) - res = RPMRC_OK; - else - res = RPMRC_FAIL; + { SECItem *sig = dig->rsasig; + size_t siglen = SECKEY_SignatureLen(dig->rsa); + + /* Zero-pad signature data up to expected size if necessary */ + if (siglen > sig->len) { + size_t pad = siglen - sig->len; + if ((sig = SECITEM_AllocItem(NULL, NULL, siglen)) == NULL) { + res = RPMRC_FAIL; + goto exit; + } + memset(sig->data, 0, pad); + memcpy(sig->data+pad, dig->rsasig->data, dig->rsasig->len); + } + + if (VFY_VerifyDigest(&digest, dig->rsa, sig, sigalg, NULL) == SECSuccess) + res = RPMRC_OK; + else + res = RPMRC_FAIL; + + if (sig != dig->rsasig) { + SECITEM_ZfreeItem(sig, 1); + } + } exit: if (sigp != NULL) { |