|
|
|
|
|
|
by woodruffw
804 days ago
|
|
|
Yep, I saw the upstream[1]. However, I misread this: I thought the padding was being done on the cleartext signing side, but this is padding of the signature itself. So there's some malleability here, but it isn't susceptible to DO'1985. I'll update my top-level comment. [1]: https://github.com/RustCrypto/RSA/issues/272 |
|
|