by dignifiedquire 797 days ago
I am not sure if this is an actual issue, all auditors that looked at this so far haven’t mentioned this being a problem. But I will have to investigate what the exact state is.

According to `git blame`, this was introduced June 2023, i.e. after your audit in 2019. But maybe it was moved from an older piece of the codebase, I didn't dig too deep.

(Looks like the IncludeSec folks did a decent job in 2019. Hi Eric!)

This was allowed in the rust-rsa crate directly before, which is why it was introduced in that commit.

Yep, I saw the upstream[1].

However, I misread this: I thought the padding was being done on the cleartext signing side, but this is padding of the signature itself. So there's some malleability here, but it isn't susceptible to DO'1985. I'll update my top-level comment.

[1]: https://github.com/RustCrypto/RSA/issues/272

Glad people care to look, that's what matters.

Thanks, appreciate the careful check!