PKCS#7/CMS verify reports bad signature
mcr at sandelman.ca
Tue Apr 2 13:51:05 UTC 2019
Matt Caswell <matt at openssl.org> wrote:
> Using the cert/data files you provided me off-list (thanks), I was able to
> confirm the above and narrow it down further to the following commit:
What had produced the signatures?
> In some cases, the damage is permanent and the spec deviation and
> security risk becomes a tax all implementors must forever pay, but not
> here. Both BoringSSL and Go successfully implemented and deployed
> RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so
> this change should be compatible enough to pin down in future OpenSSL
> So, based on the above description, it appears that older versions of OpenSSL
> were unduly lenient in tolerating incorrectly formatted signatures. As a
> security hardening measure that tolerance was removed. If you want to know more
> then David Benjamin may be able to expand.
Did OpenSSL ever produce these wrong signatures?
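Added example, not part of the original message and not OpenSSL's code: strict RSASSA-PKCS1-v1_5 verification as RFC 8017 specifies it (re-encode the expected block and compare bytes), plus a check that separates a digest mismatch from a non-standard encoding. The toy key, the sample message and the omitted-NULL DigestInfo variant are constructed here as assumptions; the thread does not say which formatting deviation the affected signatures had.

```python
import hashlib, hmac

# SHA-256 DigestInfo prefix from RFC 8017 section 9.2 (NULL parameters present).
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# Constructed sample deviation: same DigestInfo with the NULL parameters omitted.
PREFIX_NO_NULL = bytes.fromhex("302f300b06096086480165030402010420")

def pad(t: bytes, k: int) -> bytes:
    """Type-1 padding: 00 01 FF..FF 00 || T, k bytes long, at least 8 FF bytes."""
    if k < len(t) + 11:
        raise ValueError("modulus too short for this DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def recover_em(sig: bytes, e: int, n: int) -> bytes:
    """RSA public operation: signature -> k-byte encoded message."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("signature representative out of range")
    return pow(s, e, n).to_bytes(k, "big")

def verify_strict(msg: bytes, sig: bytes, e: int, n: int) -> bool:
    """Re-encode the expected EM and compare bytes; nothing is parsed."""
    em = recover_em(sig, e, n)
    want = pad(PREFIX + hashlib.sha256(msg).digest(), len(em))
    return hmac.compare_digest(em, want)

def diagnose(msg: bytes, sig: bytes, e: int, n: int) -> str:
    """Separate 'wrong data or key' from 'right digest, non-standard encoding'."""
    if verify_strict(msg, sig, e, n):
        return "ok"
    em = recover_em(sig, e, n)
    if em[:2] == b"\x00\x01" and em.endswith(hashlib.sha256(msg).digest()):
        return "digest matches, encoding deviates"
    return "digest mismatch"

# Constructed toy key from two Mersenne primes: demo only, never for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sign_raw(em: bytes) -> bytes:
    """Private operation on an already encoded message (builds the samples)."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(len(em), "big")

MSG = b"constructed sample content"
K = (N.bit_length() + 7) // 8
GOOD = sign_raw(pad(PREFIX + hashlib.sha256(MSG).digest(), K))
ODD = sign_raw(pad(PREFIX_NO_NULL + hashlib.sha256(MSG).digest(), K))
```

A result of "digest matches, encoding deviates" from `diagnose` points at the signer's encoding rather than at the signed data or the certificate.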