santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cantor, Scott" <canto...@osu.edu>
Subject Re: 2.0.4 release
Date Mon, 13 Apr 2015 13:56:32 GMT
On 4/13/15, 5:10 AM, "Colm O hEigeartaigh" <coheigea@apache.org> wrote:
>
>I'll call a vote on a 2.0.4 Java release in a few days, so shout now if there is anything
else to go into it.

I (or somebody from my project) may be filing a bug soon related to what appears to be a regression
in the RSA verify code that dates back a while (probably to before 2.0.0). We're seeing signatures
fail that a lot of other tools are reporting are valid (the C++ library included). Seems to
be related to signature length and padding issues when the signature has 00 bytes and ends
up encoded as shorter than 256 bytes (for a 2048 bit key anyway).

I wouldn't hold the release over it since it's an old issue, just noting it may be coming.

-- Scott

Mime
View raw message