[Rpm-maint] [rpm-software-management/rpm] Add OpenSSL crypto backend (#129)

Panu Matilainen notifications at github.com
Tue Feb 7 07:52:30 UTC 2017

pmatilai commented on this pull request.

> +    switch (num) {
+    case 0:
+        if (!bn) {
+            bn = sig->bn = BN_new();
+        }
+        if (!bn) return 1;
+        /* Create a BIGNUM from the signature pointer.
+           Note: this assumes big-endian data as required
+           by the PGP multiprecision integer format
+           (RFC4880, Section 3.2)
+           This will be useful later, as we can
+           retrieve this value with appropriate
+           padding. */
+        bn = BN_bin2bn(p+2, mlen, bn);
+        if (!bn) return 1;

NSS and beecrypt do need manual zero-padding, I don't know about openssl but maybe its smarter. What I can tell you that the current code doesn't handle padding correctly. Here's a reproducer package from the original NSS bug: https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/11/Fedora/x86_64/os/Packages/libuser-python-0.56.9-3.x86_64.rpm but if you prefer a newer one, nss-softokn-3.28.1-1.0.fc25.x86_64 also requires zero-padding (with NSS) and fails with the current openssl implementation.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170206/85918fd0/attachment.html>

More information about the Rpm-maint mailing list