On 4/13/15, 9:56 AM, "Cantor, Scott" <[email protected]> wrote:

>On 4/13/15, 5:10 AM, "Colm O hEigeartaigh" <[email protected]> wrote:
>>
>>I'll call a vote on a 2.0.4 Java release in a few days, so shout now if there 
>>is anything else to go into it.
>
>I (or somebody from my project) may be filing a bug soon related to what 
>appears to be a regression in the RSA verify code that dates back a while 
>(probably to before 2.0.0). We're seeing signatures fail that a lot of other 
>tools are reporting are valid (the C++ library included). Seems to be related 
>to signature length and padding issues when the signature has 00 bytes and 
>ends up encoded as shorter than 256 bytes (for a 2048 bit key anyway).

I could have held my tongue and saved the time, but Ian says he's found pretty 
clear spec language in the RFCs that indicate the Java code is right, and 
everything else seems to be wrong, so false alarm. It does seem that the old 
1.4 Java code accepted these signatures, so apparently it was a bug and was 
fixed.

We don't think the false positives are a big thing since it's just implicitly 
padding zeros probably, but it's not strictly correct. I'm going to file a 
Santuario C++ bug and look into what OpenSSL's primitives are doing.

-- Scott
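
Added example, not part of the original message or of the Santuario code: a minimal RSASSA-PKCS1-v1_5 verifier in Python showing the two behaviours discussed above. The strict mode applies the length check of RFC 8017 section 8.2.2 step 1, and the lenient mode implicitly zero-pads. The key is a constructed, insecure toy key (141 octets rather than the 256 of a 2048-bit key) and all names are hypothetical.

```python
import hashlib

# Constructed toy key, NOT secure: the product of two well-known Mersenne primes.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length k in octets (141 here)

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo, K octets long."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(msg: bytes) -> bytes:
    s = pow(int.from_bytes(emsa_pkcs1_v15(msg), "big"), D, N)
    return s.to_bytes(K, "big")        # I2OSP: always exactly K octets

def verify(msg: bytes, sig: bytes, strict: bool = True) -> bool:
    # Strict: a signature that is not exactly K octets is invalid.
    if strict and len(sig) != K:
        return False
    # Lenient: converting to an integer silently restores missing leading zeros.
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(msg)

def find_short_signature(limit: int = 100_000):
    """Find a constructed message whose signature starts with a 00 octet
    (about 1 in 256) and return it with the full and zero-stripped forms."""
    for i in range(limit):
        msg = b"constructed message %d" % i
        sig = sign(msg)
        if sig[0] == 0:
            return msg, sig, sig.lstrip(b"\x00")
    raise RuntimeError("no signature with a leading zero octet found")

if __name__ == "__main__":
    msg, full, short = find_short_signature()
    print("k =", K, "full =", len(full), "stripped =", len(short))
    print("strict, full    :", verify(msg, full))
    print("strict, stripped:", verify(msg, short))
    print("lenient,stripped:", verify(msg, short, strict=False))
```

The stripped form is what a signer produces when it serialises the signature integer without fixing the output length to k octets.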
