-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank you Klaus!
On 06/21/2010 03:07 PM, Klaus Heinrich Kiwi wrote: > On Sat, 19 Jun 2010 11:03:44 -0300 > Klaus Heinrich Kiwi <[email protected]> wrote: > >> The last couple of commits refactored some of the RSA mechanisms in >> common/mech_rsa.c, mainly around PKCS#1 v1.5 padding handling. Those >> also introduced a couple of issues that are being resolved by this >> patch: >> >> * Segfault when rsa_format_block() was called with block type '2', >> caused by un-initialized 'i' >> * Possible presence of null-padding bytes generated by rng_generate() >> rsa_format_block(), which would cause an invalid padding. Both this >> and the above item were fixed by generating the random padding >> bytes one-by-one, and replacing 0x00 by 0xff when needed. >> * RSA Verify and VerifyRecover were calling rsa_format_block() with >> block type '2', when the PKCS#1 specified block type '1'. >> * rsa_parse_block() may return 'CKR_ENCRYPTED_DATA_INVALID' when it >> verifies that the signature is invalid. PKCS#1 specifies that the >> caller shouldn't be able to distinguish between padding errors and >> invalid signatures. Fixed by adjusting some return codes as well as >> the calling functions. RSA Verify and VerifyRecover should return >> 'CKR_SIGNATURE_INVALID' >> * Remove the '195 - RSA Parse block failed' log message as it may >> indicate failure in decoding PKCS#1 v.1.5 padding, thus breaking >> the spec. >> >> With the above, all tests in testcases/drivers/rsa_func.c are now >> passing. >> >> Signed-off-by: Klaus Heinrich Kiwi <[email protected]> > > Applied to opencryptoki-next branch. > > -Klaus > - -- Ramon de Carvalho Valle Software Engineer IBM Linux Technology Center E-Mail: [email protected] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwfrOwACgkQGIS0iEuhp4M4LQCg0XEp3uzERiHRek9Uoz5rXOXF /tkAoK1FseUFjTCl8maNiB5UFAe4y1ffiEYEARECAAYFAkwfrOwACgkQkcIYeh81 wLk4LQCfe589Warz6HfYz4hVs2mm+fPQ2kUAmwe5cN+3ZvigfLng7bYQCYV1P/mI =bDJ4 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
