On Fri, Sep 15, 2006 at 09:48:16AM -0400, David Shaw wrote:
> GPG was not vulnerable, so no fix was issued. Incidentally, GPG does
> not attempt to parse the PKCS/ASN.1 data at all. Instead, it
> generates a new structure during signature verification and compares
> it to the original.
Botan does the same thing for (deterministic) encodings - mostly because I wrote a decoder for PKCS#1 v1.5, realized it probably had bugs I wouldn't figure out until too late, and this way the worst thing that can happen is that a valid signature is rejected due to having some unexpected but legal encoding. Default deny and all that.

Anyway, it's a lot easier to write that way - my PSS verification code is probably around twice the length of the PSS generation code, due to the need to check every stupid little thing.

-Jack

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
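The encode-and-compare verification that David and Jack describe, as an added example that is not part of this thread and is not GnuPG's or Botan's code. It works on the encoded message EM that the RSA public operation would recover (the modular exponentiation itself is omitted), uses the SHA-256 DigestInfo prefix from RFC 8017, and places a strict re-encode-and-compare verifier next to a deliberately careless structure-walking parser that never checks the hash is the last thing in EM. The three alternative encodings and the message are constructed for the example; `build_em` and `verify_by_lenient_parse` are illustrative names, not any library's API.

```python
import hashlib
import hmac

# DigestInfo prefix for SHA-256 as listed in RFC 8017 (EMSA-PKCS1-v1_5, note 1):
#   SEQUENCE { SEQUENCE { OID sha256, NULL }, OCTET STRING (32 bytes) }
DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")

# Same structure with the NULL parameters omitted. It is legal DER and some
# decoders accept it, but a verifier that re-encodes will never produce it.
DIGESTINFO_SHA256_NO_NULL = bytes.fromhex("302f300b06096086480165030402010420")


def emsa_pkcs1_v15_encode(msg: bytes, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (0xff bytes) || 0x00 || DigestInfo || H(msg)."""
    t = DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    if em_len < len(t) + 11:  # PS must be at least 8 bytes long
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def verify_by_comparison(em: bytes, msg: bytes) -> bool:
    """Encode-and-compare: rebuild the one encoding we would have produced
    and require EM to equal it byte for byte. Anything else is rejected,
    including encodings that are legal but merely unexpected (default deny)."""
    try:
        expected = emsa_pkcs1_v15_encode(msg, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def verify_by_lenient_parse(em: bytes, msg: bytes) -> bool:
    """Constructed strawman: walks the structure, tolerates both DigestInfo
    variants, and stops checking once it has found a matching hash, so it
    never notices that bytes follow the hash."""
    if len(em) < 11 or em[0:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:  # at least 8 bytes of PS
        return False
    i += 1
    for prefix in (DIGESTINFO_SHA256, DIGESTINFO_SHA256_NO_NULL):
        if em[i:i + len(prefix)] == prefix:
            i += len(prefix)
            return em[i:i + 32] == hashlib.sha256(msg).digest()
    return False


def build_em(t: bytes, em_len: int, ps_len: int) -> bytes:
    """Constructed encodings for the example: a PS of ps_len 0xff bytes,
    then T, then whatever is left filled with junk (a correct encoding
    has no room for junk because PS fills it)."""
    body = b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t
    if len(body) > em_len:
        raise ValueError("T does not fit")
    return body + bytes(range(em_len - len(body)))


def demo() -> dict:
    """Returns {case: (comparison_result, lenient_result)} for four EMs."""
    msg = b"constructed test message"
    em_len = 128  # 1024-bit modulus
    h = hashlib.sha256(msg).digest()

    good = emsa_pkcs1_v15_encode(msg, em_len)
    # Legal-but-unexpected DER: NULL parameters absent, PS still fills EM.
    t_no_null = DIGESTINFO_SHA256_NO_NULL + h
    no_null = build_em(t_no_null, em_len, em_len - 3 - len(t_no_null))
    # Minimal PS with the real hash followed by junk: the shape a verifier
    # that does not insist the hash is right-aligned will happily accept.
    junk_tail = build_em(DIGESTINFO_SHA256 + h, em_len, 8)

    cases = {"good": good, "no_null": no_null, "junk_tail": junk_tail}
    results = {name: (verify_by_comparison(em, msg),
                      verify_by_lenient_parse(em, msg))
               for name, em in cases.items()}
    results["wrong_msg"] = (verify_by_comparison(good, b"other"),
                            verify_by_lenient_parse(good, b"other"))
    return results


if __name__ == "__main__":
    for name, (strict, lenient) in demo().items():
        print(f"{name:10s} compare={strict!s:5s} lenient={lenient}")
```

The comparison verifier is a handful of lines and has only one way to say yes; the parser is longer and every branch it tolerates is a branch that has to be audited. The `junk_tail` case is the shape that matters in practice: with a small public exponent an attacker can find a cube root of a number of that form without the private key, which is why a verifier that does not require the hash to end exactly at the last byte of EM can be made to accept forgeries, while re-encoding and comparing rejects them for free.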