dignifiedquire|1 year ago
This was allowed in the rust-rsa crate directly before, which is why it was introduced in that commit.

woodruffw|1 year ago
Yep, I saw the upstream[1].
However, I misread this: I thought the padding was being done on the cleartext signing side, but this is padding of the signature itself. So there's some malleability here, but it isn't susceptible to DO'1985. I'll update my top-level comment.
[1]: https://github.com/RustCrypto/RSA/issues/272

junon|1 year ago
Glad people care to look, that's what matters.

dignifiedquire|1 year ago
Thanks, appreciate the careful check!