On Wed, 16 Jun 2010 11:34:55 -0300
Ramon de Carvalho Valle <[email protected]> wrote:

> Modify rsa_pkcs_verify and rsa_pkcs_verify_recover functions in RSA
> mechanisms to use rsa_parse_block function.
> 
> Signed-off-by: Ramon de Carvalho Valle <[email protected]>

Ack, see below for some comments.

> ---
>  usr/lib/pkcs11/common/mech_rsa.c |   50
> ++++++------------------------------- 1 files changed, 8
> insertions(+), 42 deletions(-)
> 
> diff --git a/usr/lib/pkcs11/common/mech_rsa.c
> b/usr/lib/pkcs11/common/mech_rsa.c index 4c5e85c..d8e9bd7 100755
> --- a/usr/lib/pkcs11/common/mech_rsa.c
> +++ b/usr/lib/pkcs11/common/mech_rsa.c
> @@ -805,8 +805,8 @@ rsa_pkcs_verify( SESSION             * sess,
>  {
>     OBJECT          *key_obj  = NULL;
>     CK_ATTRIBUTE    *attr     = NULL;
> -   CK_BYTE          out[512];  // 4096 bits
> -   CK_ULONG         i, modulus_bytes;
> +   CK_BYTE          out[512], out_data[512];  // 4096 bits
> +   CK_ULONG         i, modulus_bytes, out_data_len;
>     CK_BBOOL         flag;
>     CK_RV            rc;
> 
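Review bot: `out_data_len` is declared without an initial value on the new declaration line. If rsa_parse_block reads it as the capacity of `out_data` before writing, set it to sizeof(out_data) first; if it is output-only, the callee needs some other way to know that `out_data` holds 512 bytes. The trailing `// 4096 bits` comment now sits after two arrays, so a named constant for 512 shared by `out` and `out_data` would keep the two sizes from drifting apart.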
> @@ -836,29 +836,18 @@ rsa_pkcs_verify( SESSION             * sess,
>     if (rc == CKR_OK) {
>        CK_ULONG len;
> 
> -      // skip past the PKCS block formatting data
> -      //
> -      // 00 | BT | PADDING | 00 | DATA
> -      //
> -      for (i=2; i < modulus_bytes; i++) {
> -         if (out[i] == 0x0) {
> -            i++;  // point i at the first data byte
> -            break;
> -         }
> -      }
> +      rc = rsa_parse_block( out, modulus_bytes, out_data,
> &out_data_len, PKCS_BT_2);
> 
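Review bot: the call in rsa_pkcs_verify passes `PKCS_BT_2`, but a PKCS #1 v1.5 signature block is block type 01 (0xFF padding); block type 02 is the encryption padding. If the constant means what its name suggests, this either rejects valid signatures or skips the check that the padding is all 0xFF, so the block-type-1 constant looks like the right argument here. The call also hands `out_data` to the parser with no capacity argument, and nothing in these lines tests `rc` before the parsed data is used; on failure the function should return without reading `out_data` or `out_data_len`.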

I see you are not checking for rc value after returning from
rsa_parse_block().

Was this intentional? i.e., to prevent padding attacks, you keep
returning CKR_SIGNATURE_INVALID regardless of possible failures in parsing
the block? (I really haven't dug that deep).

Thanks,

 -Klaus
-- 
Klaus Heinrich Kiwi | [email protected] | http://blog.klauskiwi.com
Open Source Security blog :     http://www.ratliff.net/blog
IBM Linux Technology Center :   http://www.ibm.com/linux/ltc

_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
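The question raised in the reply above, whether parse failures should all surface as one "signature invalid" result, shown as an added example that is not code from the patch or from openCryptoki. It assumes the recovered block is PKCS #1 v1.5 block type 1; `parse_bt1`, `verify_block` and the `VERIFY_*` codes are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#define VERIFY_OK      0
#define VERIFY_INVALID 1   /* hypothetical stand-in for CKR_SIGNATURE_INVALID */

/* Hypothetical helper: parse 00 | 01 | FF..FF | 00 | DATA (block type 1).
 * Returns 0 and sets *data / *data_len on success, -1 on any format error. */
static int parse_bt1(const unsigned char *blk, size_t blk_len,
                     const unsigned char **data, size_t *data_len)
{
    size_t i;

    if (blk_len < 11 || blk[0] != 0x00 || blk[1] != 0x01)
        return -1;                      /* too short, or wrong block type */
    for (i = 2; i < blk_len && blk[i] == 0xFF; i++)
        ;                               /* padding must be all 0xFF */
    if (i < 10 || i >= blk_len || blk[i] != 0x00)
        return -1;                      /* under 8 pad bytes, or no 00 separator */
    *data = blk + i + 1;
    *data_len = blk_len - i - 1;
    return 0;
}

/* Compare the recovered data with the expected data. The parse result is
 * checked before the data is touched, and every failure path returns the
 * same code, so the caller cannot tell which check rejected the block. */
int verify_block(const unsigned char *blk, size_t blk_len,
                 const unsigned char *expected, size_t expected_len)
{
    const unsigned char *data;
    size_t data_len;

    if (parse_bt1(blk, blk_len, &data, &data_len) != 0)
        return VERIFY_INVALID;
    if (data_len != expected_len || memcmp(data, expected, data_len) != 0)
        return VERIFY_INVALID;
    return VERIFY_OK;
}
```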