diff options
| author |   Lukas Wunner <lukas@wunner.de> | 2024-09-10 16:30:17 +0200 |
|---|---|---|
| committer |   Herbert Xu <herbert@gondor.apana.org.au> | 2024-10-05 13:22:04 +0800 |
| commit | 5e00481bf0a8b4dbd1588ae08f1ff82492011987 (patch) | |
| tree | 2d456e615d3b2a597403f634606224492d3e0aec /rust/helpers/build_bug.c | |
| parent | crypto: rsassa-pkcs1 - Migrate to sig_alg backend (diff) | |
| download | wireguard-linux-5e00481bf0a8b4dbd1588ae08f1ff82492011987.tar.xz wireguard-linux-5e00481bf0a8b4dbd1588ae08f1ff82492011987.zip | |
crypto: rsassa-pkcs1 - Harden digest length verification
The RSASSA-PKCS1-v1_5 sign operation currently only checks that the
digest length is less than "key_size - hash_prefix->size - 11".
The verify operation merely checks that it's more than zero.
Actually the precise digest length is known because the hash algorithm
is specified upon instance creation and the digest length is encoded
into the final byte of the hash algorithm's Full Hash Prefix.
So check for the exact digest length rather than solely relying on
imprecise maximum/minimum checks.
Keep the maximum length check for the sign operation as a safety net,
but drop the now unnecessary minimum check for the verify operation.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'rust/helpers/build_bug.c')
0 files changed, 0 insertions, 0 deletions