Allow RSA 4096 key in package verification
The RSA_verify sitll works for 4096 bits keys. And we just
need to loose the check on modulus.
Sample commands to generate the key & package:
1. openssl genrsa -out keypair.pem 4096
2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
-in keypair.pem -out private.pk8
3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \
-days 365
4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \
prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \
unsigned.zip signed.zip
Bug: 129163830
Test: unit tests pass
Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4
diff --git a/verifier.cpp b/verifier.cpp
index 68a011e..08d852b 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -373,8 +373,8 @@
const BIGNUM* out_e;
RSA_get0_key(rsa.get(), &out_n, &out_e, nullptr /* private exponent */);
auto modulus_bits = BN_num_bits(out_n);
- if (modulus_bits != 2048) {
- LOG(ERROR) << "Modulus should be 2048 bits long, actual: " << modulus_bits;
+ if (modulus_bits != 2048 && modulus_bits != 4096) {
+ LOG(ERROR) << "Modulus should be 2048 or 4096 bits long, actual: " << modulus_bits;
return false;
}