The Apple CDSA implementation of RSA signature verify is not
vulnerable to this exploit. Unlike openssl, CDSA verifies a signature
by creating the expected encoded digest info, decrypting the
signature, and comparing the result of that decrypt against the
encoded digest info. The length of the decrypted data has to match
the length of the encoded digest info. Openssl decrypts the signature
and decodes the resulting digest info to get the 16 or 20 byte
digest. It's that decode step that ignores the trailing bytes in the
decrypted signature; those trailing bytes are used to perform the
exploit.
--dpm
On Sep 26, 2006, at 12:40 PM, The Spaminator wrote:
With the news of the recent exponent 3 vulnerability in faulty
signature verification algorithms, I started to wonder if the CDSA
implementation was affected, but I could not find any information
one way or the other.
I did not find anything in the archives, so I thought I would ask
the forum.
Is anyone aware one way or another if the Apple Mac OS X CDSA
implementation is vulnerable to the RSA exponent 3 problem?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
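
The two verification styles described in the reply above, as an added example that is not part of the original thread and is neither Apple's nor OpenSSL's code. Both functions take the already-decrypted signature block; the 128-byte key size, SHA-1 digest, function names and sample bytes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define K    128  /* modulus length in bytes (1024-bit key, assumed) */
#define DLEN 20   /* SHA-1 digest length */
#define PLEN 15   /* length of the DigestInfo header below */
/* DER DigestInfo header for SHA-1 (PKCS #1 v1.5) */
static const uint8_t PREFIX[PLEN] = {
    0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14 };

/* Expected block: 00 01 FF..FF 00 || DigestInfo header || digest, exactly K bytes */
void build_expected(uint8_t em[K], const uint8_t *digest) {
    memset(em, 0xFF, K);
    em[0] = 0x00; em[1] = 0x01; em[K - PLEN - DLEN - 1] = 0x00;
    memcpy(em + K - PLEN - DLEN, PREFIX, PLEN);
    memcpy(em + K - DLEN, digest, DLEN);
}

/* Constructed sample: short padding, valid DigestInfo, filler after the digest */
void build_trailing(uint8_t em[K], const uint8_t *digest) {
    memset(em, 0xAA, K);
    em[0] = 0x00; em[1] = 0x01; em[2] = 0xFF; em[3] = 0x00;
    memcpy(em + 4, PREFIX, PLEN);
    memcpy(em + 4 + PLEN, digest, DLEN);
}

/* Compare style: length and every byte must equal the expected block */
int verify_by_compare(const uint8_t *dec, size_t len, const uint8_t *digest) {
    uint8_t expected[K], diff = 0;
    if (len != K) return 0;
    build_expected(expected, digest);
    for (size_t i = 0; i < K; i++) diff |= dec[i] ^ expected[i];
    return diff == 0;
}

/* Decode style: parse forward and stop at the digest; later bytes are never read */
int verify_by_decode(const uint8_t *dec, size_t len, const uint8_t *digest) {
    size_t i = 2;
    if (len < 3 || dec[0] != 0x00 || dec[1] != 0x01) return 0;
    while (i < len && dec[i] == 0xFF) i++;
    if (i >= len || dec[i++] != 0x00 || len - i < PLEN + DLEN) return 0;
    return memcmp(dec + i, PREFIX, PLEN) == 0 && memcmp(dec + i + PLEN, digest, DLEN) == 0;
}

int main(void) {
    uint8_t digest[DLEN], em[K];
    memset(digest, 0x11, DLEN);  /* constructed digest value */
    build_trailing(em, digest);
    printf("decode=%d compare=%d\n", verify_by_decode(em, K, digest), verify_by_compare(em, K, digest));
}
```

On the constructed block with filler after the digest, the decode-style check accepts and the compare-style check rejects, which is the difference the reply describes.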