Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2017/09/05 16:38:00 UTC
[jira] [Resolved] (SANTUARIO-418) Invalid acceptance of unpadded RSA signatures
[ https://issues.apache.org/jira/browse/SANTUARIO-418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor resolved SANTUARIO-418.
------------------------------------
Resolution: Fixed
r1807368
Implemented an explicit check for OpenSSL RSA impl.
> Invalid acceptance of unpadded RSA signatures
> ---------------------------------------------
>
> Key: SANTUARIO-418
> URL: https://issues.apache.org/jira/browse/SANTUARIO-418
> Project: Santuario
> Issue Type: Bug
> Components: C++
> Affects Versions: C++ 1.7.0, C++ 1.7.1, C++ 1.7.2, C++ 1.7.3
> Reporter: Scott Cantor
> Assignee: Scott Cantor
> Fix For: C++ 2.0.0
>
>
> The library is accepting RSA signatures that are shorter than the modulus size, presumably because the OpenSSL code is silently padding zeroes on the end when it runs. Need to implement a length check in the verifier and check what OpenSSL is doing.
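The length check the report asks for, as an added example that is not the Santuario code or the r1807368 change: RFC 8017 section 8.2.2 step 1 requires an RSASSA-PKCS1-v1_5 signature to be exactly k octets, where k is the modulus length in octets. The names modulusOctets, checkRsaSignatureLength and sampleModulus are hypothetical, and the byte strings are constructed samples.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Length in octets (k in RFC 8017) of a big-endian modulus, ignoring any
// leading zero octets such as the sign octet of a DER INTEGER.
std::size_t modulusOctets(const std::vector<std::uint8_t>& modulus) {
    std::size_t i = 0;
    while (i < modulus.size() && modulus[i] == 0) ++i;
    return modulus.size() - i;
}

enum class SigLengthCheck { Ok, TooShort, TooLong, BadKey };

// Hypothetical pre-check to run on the decoded SignatureValue octets before
// they reach the RSA primitive, so the verifier never relies on the crypto
// backend to reject (or silently pad) a short input.
SigLengthCheck checkRsaSignatureLength(const std::vector<std::uint8_t>& sig,
                                       const std::vector<std::uint8_t>& modulus) {
    const std::size_t k = modulusOctets(modulus);
    if (k == 0) return SigLengthCheck::BadKey;        // empty or all-zero modulus
    if (sig.size() < k) return SigLengthCheck::TooShort;
    if (sig.size() > k) return SigLengthCheck::TooLong;
    return SigLengthCheck::Ok;
}

// Constructed sample: the shape of a 2048-bit modulus (256 octets, top bit
// set) preceded by a 0x00 sign octet, as a DER-decoded key presents it.
std::vector<std::uint8_t> sampleModulus() {
    std::vector<std::uint8_t> n(257, 0xAB);
    n[0] = 0x00;
    n[1] = 0xC3;
    return n;
}

int main() {
    const auto n = sampleModulus();
    const std::vector<std::uint8_t> full(256, 0x11);   // constructed, k octets
    const std::vector<std::uint8_t> trunc(255, 0x11);  // constructed, one octet short
    const bool ok =
        checkRsaSignatureLength(full, n) == SigLengthCheck::Ok &&
        checkRsaSignatureLength(trunc, n) == SigLengthCheck::TooShort;
    return ok ? 0 : 1;
}
```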