Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PKCS#1 v1.5 Signature Verification End of Padding (0x00) Leniency #189

Open
yahyazadeh opened this issue Apr 3, 2021 · 1 comment
Open

PKCS#1 v1.5 Signature Verification End of Padding (0x00) Leniency #189

yahyazadeh opened this issue Apr 3, 2021 · 1 comment

Comments

@yahyazadeh
Copy link

Hi,

After testing your implementation of PKCS#1 v1.5 Signature Verification, I noticed it fails to check that end of padding is actually 0x00 and it can take any arbitrary value.

I think the issue exists because in pkcs1_pad(), line 356, after peeling off the padding bytes (0xFF...FF), the end of padding here can be any arbitrary byte to get us out of the loop. No signature forgery, just a minor leniency.

--Daniel
@dfaranha
Copy link
Contributor

dfaranha commented Apr 3, 2021

Hi Daniel,

Thank you for the notification!

I think commit 1c9ea9e fixes this and enforces the hash length better.

PS: This is old code implementing an old standard that I particularly dislike and can't find the time to rewrite in a better way.
I'm strongly considering to just remove it altogether if no one speaks up. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dfaranha @yahyazadeh