+2006-10-04 Sebastien Pouliot <sebastien@ximian.com>
+
+ * PKCS1.cs: Remove compatibility block where all padding wasn't
+ verified (can't find the original test case for it). Note: the
+ existing implementation wasn't affected by CVE-2006-4339, aka RSA
+ PKCS#1 1.5 signature forgery (but we're stronger without it).
+
2006-09-27 Sebastien Pouliot <sebastien@ximian.com>
* RSAManaged.cs: Ensure that the results of Encrypt and Decrypt will
byte[] m = RSAVP1 (rsa, s);
byte[] EM2 = I2OSP (m, size);
byte[] EM = Encode_v15 (hash, hashValue, size);
- bool result = Compare (EM, EM2);
- if (!result) {
- // NOTE: some signatures don't include the hash OID (pretty lame but real)
- // and compatible with MS implementation
- if ((EM2 [0] != 0x00) || (EM2 [1] != 0x01))
- return false;
- // TODO: add more validation
- byte[] decryptedHash = new byte [hashValue.Length];
- Buffer.BlockCopy (EM2, EM2.Length - hashValue.Length, decryptedHash, 0, decryptedHash.Length);
- result = Compare (decryptedHash, hashValue);
- }
- return result;
+ return Compare (EM, EM2);
}
// PKCS #1 v.2.1, Section 9.2
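Review bot: The new `return Compare (EM, EM2);` has no comment saying that comparing the whole encoded message is deliberate, so a later maintainer could reintroduce a lenient path for interoperability with signatures that omit the hash OID. The removed branch accepted a signature after checking only `EM2 [0]`, `EM2 [1]` and the trailing hash bytes, leaving the padding and DigestInfo in between unverified. The ChangeLog says the implementation was not affected by CVE-2006-4339, but partial checks like that are what this class of forgery depends on. I would add above the return `// Compare the complete EM; never accept a signature on the leading bytes and trailing hash alone (see CVE-2006-4339).` Since the ChangeLog notes the original test case could not be found, a negative test asserting that an encoding without the hash OID is now rejected would pin the behaviour; the enclosing method starts outside this hunk.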