
Hi,
On 8 November 2016 at 11:53, aduda aduda@meraki.com wrote:
From: Andrew Duda aduda@meraki.com
checksum_algo's pad_len field isn't actually used to store the length of the padding but the total length of the RSA key (msg_len + pad_len)
Perhaps it should be padded_key_len or padded_len?
Signed-off-by: Andrew Duda aduda@meraki.com Signed-off-by: aduda aduda@meraki.com
include/image.h | 2 +- lib/rsa/rsa-verify.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/image.h b/include/image.h
index 2b1296c..bfe10a0 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1070,7 +1070,7 @@ struct image_region { struct checksum_algo { const char *name; const int checksum_len;
const int pad_len;
const int key_len;
#if IMAGE_ENABLE_SIGN const EVP_MD *(*calculate_sign)(void); #endif
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 442b769..5418f59 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -84,7 +84,7 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig, }
padding = algo->rsa_padding;
pad_len = algo->pad_len - algo->checksum_len;
pad_len = algo->key_len - algo->checksum_len; /* Check pkcs1.5 padding bytes. */ if (memcmp(buf, padding, pad_len)) {
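Review bot: Nothing visible in this hunk bounds `pad_len` before it is used as the `memcmp(buf, padding, pad_len)` length in rsa_verify_key. The value comes only from the algorithm table (`algo->key_len - algo->checksum_len`), while `buf` is declared outside the hunk. If `buf` is sized from the supplied signature or key rather than from `algo->key_len`, a key shorter than the algorithm expects could make the padding comparison read past the end of `buf`. If no earlier check already ties the two together, a guard such as `if (pad_len < 0 || (size_t)pad_len > BUF_LEN) return -EINVAL;` ahead of the comparison would close that, where BUF_LEN is a placeholder for however `buf` is sized. The function starts and ends outside this hunk, so that check may already exist there.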
@@ -160,7 +160,7 @@ int rsa_verify(struct image_sign_info *info, { const void *blob = info->fdt_blob; /* Reserve memory for maximum checksum-length */
uint8_t hash[info->algo->checksum->pad_len];
uint8_t hash[info->algo->checksum->key_len]; int ndepth, noffset; int sig_node, node; char name[100];
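Review bot: The comment `/* Reserve memory for maximum checksum-length */` above `hash[]` in rsa_verify no longer matches what sizes the array. After the rename the array is sized by `key_len`, the full padded RSA length, not by a checksum length. Something like `/* Sized by key_len; checksum_len is rejected below if it exceeds this */` would be more accurate. That wording also records that `hash` is presumably only large enough for the digest because of the `checksum_len > key_len` check in the @@ -171 hunk. rsa_verify starts and continues outside this hunk.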
@@ -171,7 +171,7 @@ int rsa_verify(struct image_sign_info *info, * rsa-signature-length */ if (info->algo->checksum->checksum_len >
info->algo->checksum->pad_len) {
info->algo->checksum->key_len) { debug("%s: invlaid checksum-algorithm %s for %s\n", __func__, info->algo->checksum->name, info->algo->name); return -EINVAL;
-- 2.10.2
Regards, Simon