JDK-8285404

RSA signature verification should reject non-DER OCTET STRING


    • Type: Bug
    • Resolution: Fixed
    • Priority: P4
    • 19
    • None
    • security-libs

      RFC 8017 8.2.2 Step 4 requires encoding the digest and then comparing it with the decrypted copy. The current implementation decodes the decrypted copy and compares the content with the digest. We should follow the RFC.

      *Update*: We think it's possible that there might be signers omitting the NULL params in the digest algorithm identifier. The check is relaxed to only requiring the digest value be DER encoded.
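The difference between the two comparison orders, as an added example that is not the JDK's code: `strictMatch` encodes the expected DigestInfo and compares whole byte strings, while `lenientMatch` is a simplified stand-in for decode-then-compare. It assumes SHA-256 and works on the DigestInfo bytes recovered after the RSA operation and padding removal; the class name, helper names and sample inputs are constructed, and accepting exactly two canonical encodings (with and without NULL params) is this example's choice, stricter than the relaxed check in the update.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class DigestInfoCheck {
    // DER prefixes of a SHA-256 DigestInfo: with NULL params (RFC 8017 section 9.2)
    // and with the params omitted. Both end in the DER OCTET STRING header 04 20.
    static final byte[] WITH_NULL = hex("3031300d060960864801650304020105000420");
    static final byte[] NO_NULL = hex("302f300b06096086480165030402010420");

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    // Encode-then-compare: build the expected encoding and compare every byte.
    static boolean strictMatch(byte[] recovered, byte[] digest) {
        return MessageDigest.isEqual(recovered, concat(WITH_NULL, digest))
            || MessageDigest.isEqual(recovered, concat(NO_NULL, digest));
    }

    // Stand-in for decode-then-compare: only the digest content is checked,
    // so the encoding of the bytes in front of it is never examined.
    static boolean lenientMatch(byte[] recovered, byte[] digest) {
        int off = recovered.length - digest.length;
        return off >= 0
            && Arrays.equals(Arrays.copyOfRange(recovered, off, recovered.length), digest);
    }

    public static void main(String[] args) throws Exception {
        byte[] h = MessageDigest.getInstance("SHA-256")
            .digest("constructed sample".getBytes(StandardCharsets.UTF_8));
        // Constructed non-DER input: OCTET STRING length in BER long form (04 81 20).
        byte[] ber = concat(hex("3032300d06096086480165030402010500048120"), h);
        byte[][] cases = { concat(WITH_NULL, h), concat(NO_NULL, h), ber };
        String[] names = { "DER, NULL params", "DER, no params", "BER long-form length" };
        for (int i = 0; i < cases.length; i++)
            System.out.println(names[i] + ": strict=" + strictMatch(cases[i], h)
                + " lenient=" + lenientMatch(cases[i], h));
    }
}
```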

            weijun Weijun Wang