Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2017/09/05 16:28:00 UTC

[jira] [Commented] (SANTUARIO-418) Invalid acceptance of unpadded RSA signatures

    [ https://issues.apache.org/jira/browse/SANTUARIO-418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16153925#comment-16153925 ] 

Scott Cantor commented on SANTUARIO-418:
----------------------------------------

Some of the code paths into OpenSSL have a length check, but for some reason the RSA_public_decrypt method allows the length to be less than the key size and has a comment that it doesn't check for equality because of a PGP behavior that removes the leading zeroes. It then assumes the shorter signature has leading zeroes, I think, when it converts from binary to BIGNUM.

I guess this isn't harmful, but the Java RSA signature code tests for equality, and since we shouldn't really need to care what PGP does, it appears that we would have to check for this inside the Santuario code if we care.

> Invalid acceptance of unpadded RSA signatures
> ---------------------------------------------
>
>                 Key: SANTUARIO-418
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-418
>             Project: Santuario
>          Issue Type: Bug
>          Components: C++
>    Affects Versions: C++ 1.7.0, C++ 1.7.1, C++ 1.7.2, C++ 1.7.3
>            Reporter: Scott Cantor
>            Assignee: Scott Cantor
>             Fix For: C++ 2.0.0
>
>
> The library is accepting RSA signatures that are shorter than the modulus size, presumably because the OpenSSL code is silently padding zeroes on the end when it runs. Need to implement a length check in the verifier and check what OpenSSL is doing.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
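
The length check discussed in this thread, as an added C++ example that is not Santuario's or OpenSSL's code: it models the lenient behaviour the comment describes (a shorter signature is read as the same integer as its zero-padded form) beside a strict equality test against the modulus size. All function names and the 2048-bit sample signature are constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Length in octets of an RSA modulus with the given bit length.
std::size_t modulus_octets(std::size_t modulus_bits) { return (modulus_bits + 7) / 8; }

// Models a binary-to-bignum conversion: big-endian octets are read as an
// integer, so leading zero octets never change the resulting value.
bool same_integer(const Bytes& a, const Bytes& b) {
    auto nonzero = [](std::uint8_t v) { return v != 0; };
    auto a0 = std::find_if(a.begin(), a.end(), nonzero);
    auto b0 = std::find_if(b.begin(), b.end(), nonzero);
    return (a.end() - a0) == (b.end() - b0) && std::equal(a0, a.end(), b0);
}

// Lenient rule (assumed model of the behaviour in the comment): any
// non-empty input up to the modulus size is passed on to verification.
bool lenient_length_ok(const Bytes& sig, std::size_t modulus_bits) {
    return !sig.empty() && sig.size() <= modulus_octets(modulus_bits);
}

// Strict rule: the signature must be exactly as long as the modulus.
bool strict_length_ok(const Bytes& sig, std::size_t modulus_bits) {
    return sig.size() == modulus_octets(modulus_bits);
}

// Constructed sample: 256 octets whose first octet is 0x00 (not a real signature).
Bytes sample_signature() {
    Bytes s(256);
    for (std::size_t i = 0; i < s.size(); ++i) s[i] = static_cast<std::uint8_t>(i);
    return s;
}

// Drops leading zero octets, the PGP-style encoding mentioned in the comment.
Bytes strip_leading_zeroes(const Bytes& s) {
    auto first = std::find_if(s.begin(), s.end(), [](std::uint8_t v) { return v != 0; });
    return Bytes(first, s.end());
}

int main() {
    const Bytes full = sample_signature(), stripped = strip_leading_zeroes(full);
    std::cout << "stripped length: " << stripped.size() << "\n"
              << "same integer:    " << same_integer(full, stripped) << "\n"
              << "lenient accepts: " << lenient_length_ok(stripped, 2048) << "\n"
              << "strict accepts:  " << strict_length_ok(stripped, 2048) << "\n";
}
```

Applying the strict test before the bytes reach the RSA primitive rejects the shortened encoding even though it maps to the same integer, which matches RSASSA-PKCS1-v1_5 verification in RFC 8017, where a signature whose length is not the modulus length in octets is invalid.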