pmatilai commented on this pull request.
> + switch (num) {
+ case 0:
+ if (!bn) {
+ bn = sig->bn = BN_new();
+ }
+ if (!bn) return 1;
+
+ /* Create a BIGNUM from the signature pointer.
+ Note: this assumes big-endian data as required
+ by the PGP multiprecision integer format
+ (RFC4880, Section 3.2)
+ This will be useful later, as we can
+ retrieve this value with appropriate
+ padding. */
+ bn = BN_bin2bn(p+2, mlen, bn);
+ if (!bn) return 1;
NSS and beecrypt do need manual zero-padding, I don't know about openssl but
maybe its smarter. What I can tell you that the current code doesn't handle
padding correctly. Here's a reproducer package from the original NSS bug:
https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/11/Fedora/x86_64/os/Packages/libuser-python-0.56.9-3.x86_64.rpm
but if you prefer a newer one, nss-softokn-3.28.1-1.0.fc25.x86_64 also
requires zero-padding (with NSS) and fails with the current openssl
implementation.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/129
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint