From: Dmitry K. <dmi...@gm...> - 2013-06-30 18:36:16
Hello Vivek,

I was on vacation. Just returned. Will verify tomorrow.

- Dmitry

On Tue, Jun 25, 2013 at 6:09 AM, Vivek Goyal <vg...@re...> wrote:
> For V2 of digital signature we store signature at hdr->sig and not at
> hdr->sig + 2. That's the property of V1 of signature.
>
> Fix the verification code otherwise it fails with following message.
>
> RSA_public_decrypt() failed: -1
> error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
>
> Signed-off-by: Vivek Goyal <vg...@re...>
> --- > src/evmctl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > Index: ima-evm-utils/src/evmctl.c > =================================================================== > --- ima-evm-utils.orig/src/evmctl.c 2013-06-24 23:03:32.631000000 -0400 > +++ ima-evm-utils/src/evmctl.c 2013-06-24 23:03:47.124000000 -0400 > @@ -1141,7 +1141,7 @@ static int verify_hash_v2(const unsigned > if (!key) > return 1; > > - err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING); > + err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING); > RSA_free(key); > if (err < 0) { > log_err("RSA_public_decrypt() failed: %d\n", err);
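
Review bot: the length argument in the changed RSA_public_decrypt() call, `siglen - sizeof(*hdr)`, is computed with no bounds check in the lines shown, so a signature blob shorter than the header would make the subtraction wrap (sizeof yields an unsigned size_t) and `sig + sizeof(*hdr)` would point past the supplied data. Since verify_hash_v2() handles signature bytes that come from outside the tool, I would reject short input before the call, for example with `if (siglen <= sizeof(*hdr))` returning the function's error value, taking care to RSA_free(key) on that path if the check sits after the `if (!key)` test. It would also help to replace the removed magic `2` with a short comment at this call stating that V2 signatures start directly after the header, so the V1/V2 difference described in the commit message is visible in the code.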