Tcl Library Source Code

Ticket Change Details
Bounty program for improvements to Tcl and certain Tcl packages.

Artifact ID: 8815e9b413d3d6013ea4ac92b99458a58a53d39b357f08ca7b0cafa10c87bf94
Ticket: bbdff172a399a771485ddbe9606ce9e2738a5d8c
::pki::verify always returns false when "algo" argument is provided
User & Date: RP. 2020-02-12 13:31:48

  1. Change assignee to ""
  2. Change comment to:

    As in title, when algo argument is provided ::pki::verify always returns false. As I found out problem is that when default algorithm is used plaintext value is stripped and converted to octetstring, but when explicit algo is provided final comparision is between plain-text and binary.
    Fix that I've made is to always convert plaintext to octet-string digest (before if clause):

    proc ::pki::verify {signedmessage checkmessage keylist {algo default}} {
    	package require asn
    if {[catch { set plaintext [::pki::decrypt -binary -unpad -pub -- $signedmessage $keylist] }]} { return false }
    # RP - always convert plain text to extracted octet-string digest (original $plaintext is not valid for final comparison with binary hash) set digest "" catch { ::asn::asnGetSequence plaintext message ::asn::asnGetSequence message digestInfo ::asn::asnGetOctetString message digest }
    if {$algo eq "default"} { set algoId "unknown"
    catch { ::asn::asnGetObjectIdentifier digestInfo algoId set algoId [::pki::_oid_number_to_name $algoId] } } else { set algoId $algo }
    switch -- $algoId { "md5" - "md5WithRSAEncryption" { set checkdigest [md5::md5 $checkmessage] } "sha1" - "sha1WithRSAEncryption" { set checkdigest [sha1::sha1 -bin $checkmessage] } "sha256" - "sha256WithRSAEncryption" { set checkdigest [sha2::sha256 -bin $checkmessage] } default { return -code error "Unknown hashing algorithm: $algoId" } }
    return [expr {$checkdigest eq $digest}] }
  3. Change login to "RP."
  4. Change mimetype to "text/plain"