Hi Ansgar,

On Fri, Oct 25, 2019 at 10:59:09AM +0200, Ansgar wrote:
> I tried running `sign-file` manually and can reproduce the truncated
> file with Debian's production key. I also tried signing the same key
> with a test key instead of the production key: then the signature is 256
> bytes long, just as with any other file...
>
> `strace -e write sign-file` reports only a single call to `write()`
> which writes the entire file in one go. The return value also matches
> the number of bytes asked to be written in every case.
Cool, thanks for reproducing the issue! Just one question: when you say production key, does that mean a hardware security module like Ben mentioned, or can you reproduce this with a fully software implementation?

Provided the latter, that means there exists an input to sign-file that produces an invalid (shorter) signature, and it's likely we can find another combination of key/module that also fails, and that can be made public (as opposed to the Debian production key). I don't have the computing resources for this, but if we're sure the reproducer exists, someone at LKML might.

Otherwise I'm afraid you might need to dig a bit deeper. :-)

-- 
Tomáš Janoušek, a.k.a. Pivník, a.k.a. Liskni_si, http://work.lisk.in/
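The thread is about `sign-file` emitting a signature shorter than expected. A checker that parses the trailer `sign-file` appends to a module and compares the declared signature length against what the key should produce is the kind of sanity check that catches this before a module reaches a Secure Boot machine. The script below is an added example, not part of this thread and not code from the kernel's `sign-file`; it assumes the current PKCS#7 trailer layout (`<module><PKCS#7 blob><struct module_signature><"~Module signature appended~\n">`, with `sig_len` big-endian and the other `module_signature` fields zero, as the kernel's own trailer check requires). The signature bytes it builds for its self-test are a constructed placeholder, not a real PKCS#7 blob, and nothing here verifies the signature cryptographically; the expected length is supplied by the caller.

```python
import struct

# Layout of the trailer that sign-file appends (assumed here to be the PKCS#7 form):
#   <module bytes><signature blob><struct module_signature><MAGIC>
MAGIC = b"~Module signature appended~\n"
PKEY_ID_PKCS7 = 2
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# three pad bytes, then a big-endian u32 sig_len.
SIG_INFO_FMT = ">BBBBB3xI"
SIG_INFO_LEN = struct.calcsize(SIG_INFO_FMT)  # 12 bytes


def append_signature(module: bytes, signature: bytes) -> bytes:
    """Lay out a signed-module image the way sign-file does. Used here only to
    construct sample input; the 'signature' is whatever bytes the caller passes."""
    info = struct.pack(SIG_INFO_FMT, 0, 0, PKEY_ID_PKCS7, 0, 0, len(signature))
    return module + signature + info + MAGIC


def parse_module_signature(data: bytes) -> dict:
    """Split a signed module into module bytes and signature blob, validating the
    trailer the same way the kernel does. Raises ValueError on an inconsistent
    trailer, including a declared sig_len larger than the bytes actually present."""
    if not data.endswith(MAGIC):
        raise ValueError("no module signature trailer")
    body = data[:-len(MAGIC)]
    if len(body) < SIG_INFO_LEN:
        raise ValueError("file too short for struct module_signature")
    algo, hash_, id_type, signer_len, key_id_len, sig_len = struct.unpack(
        SIG_INFO_FMT, body[-SIG_INFO_LEN:])
    payload = body[:-SIG_INFO_LEN]
    if id_type != PKEY_ID_PKCS7:
        raise ValueError(f"unexpected id_type {id_type} (only PKCS#7 handled)")
    if algo or hash_ or signer_len or key_id_len:
        raise ValueError("PKCS#7 trailer must have zero algo/hash/signer/key_id fields")
    if sig_len > len(payload):
        raise ValueError(
            f"declared sig_len {sig_len} exceeds the {len(payload)} bytes present; "
            "the file is truncated")
    split = len(payload) - sig_len
    return {"module": payload[:split], "signature": payload[split:], "sig_len": sig_len}


def signature_length_ok(data: bytes, expected_len: int) -> bool:
    """True when the appended signature has the length expected for the signing key."""
    return parse_module_signature(data)["sig_len"] == expected_len


if __name__ == "__main__":
    # Usage: check_modsig.py <signed.ko> <expected signature length in bytes>
    import sys
    path, expected = sys.argv[1], int(sys.argv[2])
    with open(path, "rb") as f:
        image = f.read()
    found = parse_module_signature(image)
    print(f"module: {len(found['module'])} bytes, signature: {found['sig_len']} bytes")
    sys.exit(0 if found["sig_len"] == expected else 1)
```

Run it over every module after signing, with the length a known-good signature from the same key produces; a non-zero exit flags exactly the kind of short output discussed in the thread, and a declared `sig_len` that exceeds the bytes present identifies a file that was cut off after the trailer was computed.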