[Rpm-maint] [rpm-software-management/rpm] Add OpenSSL crypto backend (#129)

Tue Feb 7 07:52:30 UTC 2017

pmatilai commented on this pull request.

> +    switch (num) {
+    case 0:
+        if (!bn) {
+            bn = sig->bn = BN_new();
+        }
+        if (!bn) return 1;
+
+        /* Create a BIGNUM from the signature pointer.
+           Note: this assumes big-endian data as required
+           by the PGP multiprecision integer format
+           (RFC4880, Section 3.2)
+           This will be useful later, as we can
+           retrieve this value with appropriate
+           padding. */
+        bn = BN_bin2bn(p+2, mlen, bn);
+        if (!bn) return 1;

NSS and beecrypt do need manual zero-padding, I don't know about openssl but maybe its smarter. What I can tell you that the current code doesn't handle padding correctly. Here's a reproducer package from the original NSS bug: https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/11/Fedora/x86_64/os/Packages/libuser-python-0.56.9-3.x86_64.rpm but if you prefer a newer one, nss-softokn-3.28.1-1.0.fc25.x86_64 also requires zero-padding (with NSS) and fails with the current openssl implementation.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/129
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170206/85918fd0/attachment.html>