Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2017/09/05 16:38:00 UTC

[jira] [Resolved] (SANTUARIO-418) Invalid acceptance of unpadded RSA signatures

     [ https://issues.apache.org/jira/browse/SANTUARIO-418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott Cantor resolved SANTUARIO-418.
------------------------------------
    Resolution: Fixed

r1807368

Implemented an explicit check for OpenSSL RSA impl.

> Invalid acceptance of unpadded RSA signatures
> ---------------------------------------------
>
>                 Key: SANTUARIO-418
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-418
>             Project: Santuario
>          Issue Type: Bug
>          Components: C++
>    Affects Versions: C++ 1.7.0, C++ 1.7.1, C++ 1.7.2, C++ 1.7.3
>            Reporter: Scott Cantor
>            Assignee: Scott Cantor
>             Fix For: C++ 2.0.0
>
>
> The library is accepting RSA signatures that are shorter than the modulus size, presumably because the OpenSSL code is silently padding zeroes on the end when it runs. Need to implement a length check in the verifier and check what OpenSSL is doing.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
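The length check the issue calls for, as an added example (not Santuario's code and not the r1807368 change): RSASSA-PKCS1-v1_5 verification in RFC 8017 rejects any signature that is not exactly k octets long, where k is the modulus length. The function names, the `SigCheck` enum and the all-zero sample signature are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Decode base64 as carried in a ds:SignatureValue: whitespace is skipped,
// any other character outside the alphabet fails the decode.
static bool decodeBase64(const std::string& in, std::vector<uint8_t>& out) {
    static const std::string alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0;
    bool padded = false;
    out.clear();
    for (char c : in) {
        if (c == ' ' || c == '\t' || c == '\r' || c == '\n') continue;
        if (c == '=') { padded = true; continue; }
        const std::size_t v = alphabet.find(c);
        if (padded || v == std::string::npos) return false;  // data after '=' or junk
        acc = (acc << 6) | static_cast<uint32_t>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<uint8_t>((acc >> bits) & 0xFF));
        }
    }
    return true;
}

// k: modulus length in octets, not counting leading zero octets.
static std::size_t modulusOctets(const std::vector<uint8_t>& modulus) {
    std::size_t i = 0;
    while (i < modulus.size() && modulus[i] == 0) ++i;
    return modulus.size() - i;
}

enum class SigCheck { Ok, BadEncoding, WrongLength };

// Gate to run before the RSA primitive sees the signature, so a short or
// long value is rejected here and never reaches any padding logic.
static SigCheck checkSignatureLength(const std::string& b64,
                                     const std::vector<uint8_t>& modulus) {
    std::vector<uint8_t> sig;
    if (!decodeBase64(b64, sig)) return SigCheck::BadEncoding;
    const std::size_t k = modulusOctets(modulus);
    return (k == 0 || sig.size() != k) ? SigCheck::WrongLength : SigCheck::Ok;
}

int main() {  // constructed sample: 255-octet value against a 2048-bit modulus
    std::vector<uint8_t> n(256, 0xFF);
    return checkSignatureLength(std::string(340, 'A'), n) == SigCheck::WrongLength ? 0 : 1;
}
```

`SigCheck::Ok` only means the length is acceptable; the signature still has to go through the actual RSA verification.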