summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPanu Matilainen <pmatilai@redhat.com>2009-04-16 11:08:25 +0300
committerPanu Matilainen <pmatilai@redhat.com>2009-04-16 11:08:25 +0300
commit8d0f65f7f7c46c375c886534429fe1601b7aa746 (patch)
treeddc6d5e80ee5dac41f5b7237d642f66a68884236
parentaa008a28e99fbd979657f49984b9798dfcd0b3da (diff)
downloadrpm-8d0f65f7f7c46c375c886534429fe1601b7aa746.tar.gz
rpm-8d0f65f7f7c46c375c886534429fe1601b7aa746.tar.bz2
rpm-8d0f65f7f7c46c375c886534429fe1601b7aa746.zip
Pad RSA signatures up to modulus size if necessary (rhbz#494049)
- unfortunately can't be detected at initial allocation so extra copy is needed at verification time - this is commit 4c39a9df93c962c69e23ff48789cb950a105a44b backported
-rw-r--r--lib/signature.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/lib/signature.c b/lib/signature.c
index 9ca8da5d1..a501f3ee2 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -1222,10 +1222,29 @@ verifyRSASignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, char ** msg,
if (res != RPMRC_OK)
goto exit;
- if (VFY_VerifyDigest(&digest, dig->rsa, dig->rsasig, sigalg, NULL) == SECSuccess)
- res = RPMRC_OK;
- else
- res = RPMRC_FAIL;
+ { SECItem *sig = dig->rsasig;
+ size_t siglen = SECKEY_SignatureLen(dig->rsa);
+
+ /* Zero-pad signature data up to expected size if necessary */
+ if (siglen > sig->len) {
+ size_t pad = siglen - sig->len;
+ if ((sig = SECITEM_AllocItem(NULL, NULL, siglen)) == NULL) {
+ res = RPMRC_FAIL;
+ goto exit;
+ }
+ memset(sig->data, 0, pad);
+ memcpy(sig->data+pad, dig->rsasig->data, dig->rsasig->len);
+ }
+
+ if (VFY_VerifyDigest(&digest, dig->rsa, sig, sigalg, NULL) == SECSuccess)
+ res = RPMRC_OK;
+ else
+ res = RPMRC_FAIL;
+
+ if (sig != dig->rsasig) {
+ SECITEM_ZfreeItem(sig, 1);
+ }
+ }
exit:
if (sigp != NULL) {