https://issues.apache.org/bugzilla/show_bug.cgi?id=44982
Summary: NSS verification fails
Product: Security
Version: unspecified
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: major
Priority: P2
Component: C++ Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: [EMAIL PROTECTED]
When I verify hash with RSA signature it fails with PORT_GetError == -8182 ==
0xFFFFE00A == SEC_ERROR_BAD_SIGNATURE.
It seems to be the problem, because sign wraps hash with SGN_CreateDigestInfo,
however verify does not.
Can somebody confirm this?
Suggesting adding the same logic to verify.
Or even better replacing PK11_Sign and PK11_Verify with (and unifying RSA and
DSA code):
VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig, SECOidTag
algid, void *wincx)
(http://mxr.mozilla.org/security/source/security/nss/lib/cryptohi/secvfy.c)
SGN_Digest(SECKEYPrivateKey *privKey, SECOidTag algtag, SECItem *result,
SECItem *digest) (see
http://crypto.stanford.edu/firefox-rhash/data/secsign.c.html)
Here you can see how PK11_Sign and PK11_Verify should be used for RSA and DSA.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
