LKML Archive on
help / color / mirror / Atom feed
From: Kamil Konieczny <>
To: "Maciej S. Szmigiero" <>,
	David Howells <>
Cc: Herbert Xu <>,
	"David S. Miller" <>,
	Tom Lendacky <>,
	Gary Hook <>, James Morris <>,
	"Serge E. Hallyn" <>,,,,
Subject: Re: [PATCH v2] X.509: unpack RSA signatureValue field from BIT STRING
Date: Tue, 17 Apr 2018 17:07:37 +0200	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On 17.04.2018 15:39, Maciej S. Szmigiero wrote:
> The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
> For RSA signatures this BIT STRING is of so-called primitive subtype, which
> contains a u8 prefix indicating a count of unused bits in the encoding.
> We have to strip this prefix from signature data, just as we already do for
> key data in x509_extract_key_data() function.
> This wasn't noticed earlier because this prefix byte is zero for RSA key
> sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
> prefixes has no bearing on its value.
> The signature length, however was incorrect, which is a problem for RSA
> implementations that need it to be exactly correct (like AMD CCP).
> Signed-off-by: Maciej S. Szmigiero <>

your e-mail address looks incorrect


Best regards,
Kamil Konieczny
Samsung R&D Institute Poland

  reply	other threads:[~2018-04-17 15:07 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <>
2018-04-17 13:39 ` Maciej S. Szmigiero
2018-04-17 15:07   ` Kamil Konieczny [this message]
2018-04-17 15:11     ` Maciej S. Szmigiero

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
    --subject='Re: [PATCH v2] X.509: unpack RSA signatureValue field from BIT STRING' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).