[SANTUARIO-418] Invalid acceptance of unpadded RSA signatures - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: C++ 1.7.0, C++ 1.7.1, C++ 1.7.2, C++ 1.7.3
Fix Version/s: C++ 2.0.0
Component/s: C++
Labels:
None

Description

The library is accepting RSA signatures that are shorter than the modulus size, presumably because the OpenSSL code is silently padding zeroes on the end when it runs. Need to implement a length check in the verifier and check what OpenSSL is doing.

Attachments

Activity

People

Assignee:: Scott Cantor

Reporter:: Scott Cantor

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/Apr/15 16:48

Updated:: 27/Jun/18 15:28

Resolved:: 05/Sep/17 16:37