Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-418

Invalid acceptance of unpadded RSA signatures

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: C++ 1.7.0, C++ 1.7.1, C++ 1.7.2, C++ 1.7.3
    • Fix Version/s: C++ 2.0.0
    • Component/s: C++
    • Labels:
      None

      Description

      The library is accepting RSA signatures that are shorter than the modulus size, presumably because the OpenSSL code is silently padding zeroes on the end when it runs. Need to implement a length check in the verifier and check what OpenSSL is doing.

        Attachments

          Activity

            People

            • Assignee:
              scantor Scott Cantor
              Reporter:
              scantor Scott Cantor
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: