On Fri, Sep 15, 2006 at 09:48:16AM -0400, David Shaw wrote:

> GPG was not vulnerable, so no fix was issued.  Incidentally, GPG does
> not attempt to parse the PKCS/ASN.1 data at all.  Instead, it
> generates a new structure during signature verification and compares
> it to the original.

Botan does the same thing for (deterministic) encodings, mostly
because I wrote a decoder for PKCS#1 v1.5, realized it probably had
bugs I wouldn't figure out until too late, and this way the worst
thing that can happen is that a valid signature is rejected due to
having some unexpected but legal encoding. Default deny and all that.

Anyway, it's a lot easier to write that way - my PSS verification code
is probably around twice the length of the PSS generation code, due to
the need to check every stupid little thing.
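The encode-and-compare approach both posters describe, as an added worked example (this is illustrative code written for this page, not GPG's or Botan's own implementation, and it uses Python with the standard library rather than C or C++ so it runs anywhere). It works at the layer below the RSA public operation: `recovered_em` stands for the k-byte string obtained as I2OSP(s^e mod n, k), which the example simply constructs instead of computing. The verifier rebuilds the exact EMSA-PKCS1-v1_5 encoding of the message it expects (with the fixed SHA-256 DigestInfo prefix from RFC 8017) and compares it to the recovered block in constant time; any deviation, legal or not, is rejected. For contrast, `verify_by_lenient_parsing` is a deliberately sloppy decoder, constructed here only to show the difference: it scans for the 0x00 separator and checks that DigestInfo plus the hash follow, but never checks that the hash ends exactly at the end of the block, so it accepts a block with a short padding string and trailing garbage that the encode-and-compare verifier refuses. The function and helper names are this example's own.

```python
import hashlib
import hmac

# DER encoding of DigestInfo for SHA-256 with the OCTET STRING header for a
# 32-byte digest (the constant listed in RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex(
    "3031300d060960864801650304020105000420"
)


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Deterministic EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 T."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)  # at least 8 bytes by the check above
    return b"\x00\x01" + ps + b"\x00" + t


def verify_by_reencoding(recovered_em: bytes, message: bytes, em_len: int) -> bool:
    """Default deny: accept only the single byte string a correct signer can produce.

    recovered_em is assumed to be I2OSP(s^e mod n, em_len), i.e. the output of the
    RSA public operation, left-padded to the modulus length.
    """
    if len(recovered_em) != em_len:
        return False
    expected = emsa_pkcs1_v15_encode(message, em_len)
    # Constant-time comparison so the rejection position leaks nothing.
    return hmac.compare_digest(recovered_em, expected)


def verify_by_lenient_parsing(recovered_em: bytes, message: bytes, em_len: int) -> bool:
    """A deliberately lenient decoder, constructed for contrast only.

    It locates the separator and checks that DigestInfo || H(m) follows, but it
    ignores whatever comes after the hash and never checks the padding length.
    """
    if len(recovered_em) != em_len or recovered_em[:2] != b"\x00\x01":
        return False
    sep = recovered_em.find(b"\x00", 2)
    if sep < 0:
        return False
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    return recovered_em[sep + 1 : sep + 1 + len(t)] == t


def make_malformed_em(message: bytes, em_len: int) -> bytes:
    """Constructed test input: too-short padding and garbage after the hash.

    This is a legal-looking but non-canonical block; it is NOT a real forgery,
    just the shape a lenient parser would wrongly accept.
    """
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    garbage = bytes((i * 37 + 11) & 0xFF for i in range(em_len - len(head)))
    return head + garbage


if __name__ == "__main__":
    k = 128  # byte length of a 1024-bit modulus, assumed for the example
    msg = b"example message to sign"
    good = emsa_pkcs1_v15_encode(msg, k)
    bad = make_malformed_em(msg, k)
    print("canonical block, strict   :", verify_by_reencoding(good, msg, k))
    print("canonical block, lenient  :", verify_by_lenient_parsing(good, msg, k))
    print("malformed block, strict   :", verify_by_reencoding(bad, msg, k))
    print("malformed block, lenient  :", verify_by_lenient_parsing(bad, msg, k))
```

The point of the contrast is the one made above: the strict verifier has one code path and one comparison, so the only failure mode it can introduce is rejecting an oddly encoded but valid signature, whereas every shortcut the lenient decoder takes is a place where an attacker-chosen block might slip through.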


The Cryptography Mailing List