Re: [TLS] Issue 26: implementation pitfalls
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TLS] Issue 26: implementation pitfalls
Pasi.Eronen at nokia.com wrote:
>
> o When verifying RSA signatures, do you accept both NULL and
> missing parameters (see Section 4.7)? Do you verify that the
> RSA padding doesn't have additional data after the hash value?
> [FI06]
>
A variation on the attack is to include additional data in the middle
of the structure for example via a parameter.
That might be covered by saying NULL and missing parameters *only*
though a decoder that accepted invalid content octets in a NULL value
would still be vulnerable.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson at drh-consultancy.co.uk, PGP key: via homepage.
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
