Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2015/04/13 18:49:12 UTC
[jira] [Created] (SANTUARIO-418) Invalid acceptance of unpadded RSA signatures
Scott Cantor created SANTUARIO-418:
--------------------------------------
Summary: Invalid acceptance of unpadded RSA signatures
Key: SANTUARIO-418
URL: https://issues.apache.org/jira/browse/SANTUARIO-418
Project: Santuario
Issue Type: Bug
Components: C++
Affects Versions: C++ 1.7.3
Reporter: Scott Cantor
Assignee: Scott Cantor
Fix For: C++ 1.7.4
The library is accepting RSA signatures that are shorter than the modulus size, presumably because the OpenSSL code is silently padding zeroes on the end when it runs. Need to implement a length check in the verifier and check what OpenSSL is doing.
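One way to implement the length check the report asks for, as an added example and not Santuario's actual fix: the signature is rejected unless it is exactly as long as the modulus (RFC 8017, section 8.2.2 step 1) and numerically smaller than it. The names `SigCheck`, `modulusOctets` and `checkRsaSignatureShape` and the 4-octet sample values are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

enum class SigCheck { Ok, WrongLength, OutOfRange, BadModulus };

// Octet length k of the big-endian modulus, ignoring leading zero octets
// (for example the sign octet of a DER INTEGER).
static std::size_t modulusOctets(const Bytes& n) {
    auto first = std::find_if(n.begin(), n.end(),
                              [](std::uint8_t b) { return b != 0; });
    return static_cast<std::size_t>(n.end() - first);
}

// Hypothetical gate to run before the signature reaches the crypto library.
SigCheck checkRsaSignatureShape(const Bytes& modulus, const Bytes& sig) {
    const std::size_t k = modulusOctets(modulus);
    if (k == 0) return SigCheck::BadModulus;
    // RFC 8017, 8.2.2 step 1: the signature must be exactly k octets long.
    // A short value is rejected here, never padded out to k.
    if (sig.size() != k) return SigCheck::WrongLength;
    // RSAVP1 range check: the signature, read as a big-endian integer,
    // must be smaller than the modulus. Equal lengths make a lexicographic
    // byte comparison equivalent to the integer comparison.
    const std::uint8_t* n = modulus.data() + (modulus.size() - k);
    if (!std::lexicographical_compare(sig.begin(), sig.end(), n, n + k))
        return SigCheck::OutOfRange;
    return SigCheck::Ok;
}

int main() {
    // Constructed 4-octet "modulus" and signatures, far too small for real use.
    const Bytes n = {0x00, 0xC5, 0x3A, 0x91, 0x07};
    const Bytes full = {0x12, 0x34, 0x56, 0x78};
    const Bytes shortSig = {0x12, 0x34, 0x56};
    std::printf("full=%d short=%d\n",
                static_cast<int>(checkRsaSignatureShape(n, full)),
                static_cast<int>(checkRsaSignatureShape(n, shortSig)));
    return 0;
}
```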