Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SignatureTest::test_sign_different_key fails sometimes #234

Open
myheroyuki opened this issue Feb 1, 2024 · 0 comments
Open

SignatureTest::test_sign_different_key fails sometimes #234

myheroyuki opened this issue Feb 1, 2024 · 0 comments

Comments

@myheroyuki
Copy link
Collaborator

A unit test, SignatureTest::test_sign_different_key, is failing occasionally. The reason for this is that the test expects the verify function to raise a VerificationError, but the test instead raises an OverflowError sometimes. This is because the otherpub modulus (i.e., the "different key" in the test) can be smaller than the signature. To address the issue, the test should be updated to expected either a VerificationError or an OverflowError.

The behavior was introduced with PR #206, where verifying was changed to instead use encrypt_int instead of decrypt_int. These methods are almost the same, but encrypt_int checks that the size of the message passed in is less than the size of the modulus. According to RFC 8017: PKCS#1 v2.2, all cryptographic primitives should be performing this check, so the behavior now is actually more correct and decrypt_int/decrypt_int_fast should be updated to check its argument's length as well. I will open this update as a separate issue.

I don't believe the failure to perform this check led to any vulnerabilities but I encourage everyone to review it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@myheroyuki