On 4/13/15, 5:10 AM, "Colm O hEigeartaigh" <[email protected]> wrote: > >I'll call a vote on a 2.0.4 Java release in a few days, so shout now if there >is anything else to go into it.
I (or somebody from my project) may be filing a bug soon related to what appears to be a regression in the RSA verify code that dates back a while (probably to before 2.0.0). We're seeing signatures fail that a lot of other tools are reporting are valid (the C++ library included). Seems to be related to signature length and padding issues when the signature has 00 bytes and ends up encoded as shorter than 256 bytes (for a 2048 bit key anyway). I wouldn't hold the release over it since it's an old issue, just noting it may be coming. -- Scott
