Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2015/04/13 18:49:12 UTC

[jira] [Created] (SANTUARIO-418) Invalid acceptance of unpadded RSA signatures

Scott Cantor created SANTUARIO-418:
--------------------------------------

             Summary: Invalid acceptance of unpadded RSA signatures
                 Key: SANTUARIO-418
                 URL: https://issues.apache.org/jira/browse/SANTUARIO-418
             Project: Santuario
          Issue Type: Bug
          Components: C++
    Affects Versions: C++ 1.7.3
            Reporter: Scott Cantor
            Assignee: Scott Cantor
             Fix For: C++ 1.7.4


The library is accepting RSA signatures that are shorter than the modulus size, presumably because the OpenSSL code is silently padding zeroes on the end when it runs. Need to implement a length check in the verifier and check what OpenSSL is doing.



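The length check the report calls for, as an added example that is not Santuario's or OpenSSL's code: the decoded signature must be exactly as long as the modulus before any RSA operation runs. All function names are hypothetical, the byte values are constructed toy data, and `lenient_buffer` only models the zero-padding behaviour the report presumes.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

enum class SigLen { Ok, TooShort, TooLong, BadKey };

// Size k of the modulus in octets, ignoring leading zero bytes that some
// encodings (e.g. a DER INTEGER sign byte) put in front of the modulus.
static std::size_t modulus_octets(const std::vector<std::uint8_t>& n_be) {
    std::size_t i = 0;
    while (i < n_be.size() && n_be[i] == 0) ++i;
    return n_be.size() - i;
}

// Strict check: run on the decoded SignatureValue before any RSA call.
// RFC 8017 section 8.2.2 step 1 rejects a signature whose length is not k.
SigLen check_signature_length(const std::vector<std::uint8_t>& sig,
                              const std::vector<std::uint8_t>& n_be) {
    const std::size_t k = modulus_octets(n_be);
    if (k == 0) return SigLen::BadKey;
    if (sig.size() < k) return SigLen::TooShort;
    if (sig.size() > k) return SigLen::TooLong;
    return SigLen::Ok;
}

// Model of the lenient path the report presumes (an assumption, not OpenSSL
// code): the input is copied into a zeroed k-octet buffer, so a short
// signature reaches the RSA operation as if trailing zeros had been supplied.
std::vector<std::uint8_t> lenient_buffer(const std::vector<std::uint8_t>& sig,
                                         std::size_t k) {
    std::vector<std::uint8_t> buf(k, 0);
    for (std::size_t i = 0; i < sig.size() && i < k; ++i) buf[i] = sig[i];
    return buf;
}

int main() {
    // Constructed sample: 8-octet modulus with a leading zero byte, and a
    // 6-octet "signature" (toy sizes, no real key material).
    std::vector<std::uint8_t> n = {0x00, 0xC3, 1, 2, 3, 4, 5, 6, 7};
    std::vector<std::uint8_t> sig = {9, 8, 7, 6, 5, 4};
    bool rejected = check_signature_length(sig, n) == SigLen::TooShort;
    bool padded = lenient_buffer(sig, modulus_octets(n)).size() == 8;
    return (rejected && padded) ? 0 : 1;
}
```

The check has to run on the signature as decoded from the document, before it is copied into any fixed-size buffer, because after padding the length no longer shows that the input was short.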