Commit bc01637a authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Linus Torvalds

digsig: add hash size comparision on signature verification

When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do
not match, hash comparision is not done and digsig_verify_rsa() returns
no error.  This is a bug and this patch fixes it.

The bug was introduced in v3.3 by commit b35e286a ("lib/digsig:
pkcs_1_v1_5_decode_emsa cleanup").

Signed-off-by: default avatarDmitry Kasatkin <>
Signed-off-by: default avatarLinus Torvalds <>
parent 8507876a
......@@ -163,9 +163,11 @@ static int digsig_verify_rsa(struct key *key,
memcpy(out1 + head, p, l);
err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
if (err)
goto err;
if (!err && len == hlen)
err = memcmp(out2, h, hlen);
if (len != hlen || memcmp(out2, h, hlen))
err = -EINVAL;
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment