Tcl Library Source Code

Ticket Change Details
Overview

Artifact ID: acef47a4faca3365db34e529963e5b5f6822a2f465116cb105879b6f0b6921a4
Ticket: bbdff172a399a771485ddbe9606ce9e2738a5d8c
::pki::verify always returns false when "algo" argument is provided
User & Date: RP. 2020-02-12 11:14:15
Changes

  1. Change assignee to "nobody"
  2. Change closer to "nobody"
  3. Change cmimetype to "text/html"
  4. Change comment to:

    As in the summary, when the algo argument is provided, ::pki::verify always returns false. As I found out, the problem is that when the default algorithm is used, the plaintext value is stripped and converted to an octet string, but when an explicit algo is provided, the final comparison is between plain text and binary.
    The fix that I've made is to always convert the plaintext to an octet-string digest (before the if clause):

    proc ::pki::verify {signedmessage checkmessage keylist {algo default}} {
        package require asn

        if {[catch {
            set plaintext [::pki::decrypt -binary -unpad -pub -- $signedmessage $keylist]
        }]} {
            return false
        }

        # RP - always convert plain text to extracted octet-string digest
        # (original $plaintext is not valid for final comparison with binary hash)
        set digest ""
        catch {
            ::asn::asnGetSequence plaintext message
            ::asn::asnGetSequence message digestInfo
            ::asn::asnGetOctetString message digest
        }

        if {$algo eq "default"} {
            set algoId "unknown"

            catch {
                ::asn::asnGetObjectIdentifier digestInfo algoId
                set algoId [::pki::_oid_number_to_name $algoId]
            }
        } else {
            set algoId $algo
        }

        switch -- $algoId {
            "md5" - "md5WithRSAEncryption" {
                set checkdigest [md5::md5 $checkmessage]
            }
            "sha1" - "sha1WithRSAEncryption" {
                set checkdigest [sha1::sha1 -bin $checkmessage]
            }
            "sha256" - "sha256WithRSAEncryption" {
                set checkdigest [sha2::sha256 -bin $checkmessage]
            }
            default {
                return -code error "Unknown hashing algorithm: $algoId"
            }
        }

        return [expr {$checkdigest eq $digest}]
    }
  5. Change foundin to "0.10"
  6. Change is_private to "0"
  7. Change login to "RP."
  8. Change priority to "5 Medium"
  9. Change private_contact to "50d9392564d29f4876848cc135e7ea56eed25957"
  10. Change resolution to "None"
  11. Change severity to "Important"
  12. Change status to "Open"
  13. Change submitter to "RP."
  14. Change subsystem to "pki"
  15. Change title to:

    ::pki::verify always returns false when "algo" argument is provided

  16. Change type to "Bug"
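
The mismatch described in the ticket comment, shown in isolation as an added example (not code from the ticket or from tcllib): the decrypted signature payload is an ASN.1 structure wrapping the digest, so comparing it directly with a binary hash fails, while comparing the extracted octet string succeeds. The sample message, the SHA-256 DigestInfo layout built here, and the helper name `extractDigest` are assumptions made for the illustration; it requires the tcllib `asn` and `sha256` packages.

```tcl
package require asn
package require sha256

# Constructed sample input (not taken from the ticket).
set message "constructed sample message"
set hash [::sha2::sha256 -bin $message]

# Stand-in for what ::pki::decrypt -unpad returns for a signature:
# SEQUENCE { SEQUENCE { OID sha256, NULL }, OCTET STRING digest }
set plaintext [::asn::asnSequence \
    [::asn::asnSequence \
        [::asn::asnObjectIdentifier {2 16 840 1 101 3 4 2 1}] \
        [::asn::asnNull]] \
    [::asn::asnOctetString $hash]]

# Hypothetical helper mirroring the extraction step in the proposed fix.
# Returns the empty string when the input is not the expected structure,
# so a malformed payload can never compare equal to a real hash.
proc extractDigest {plaintext} {
    set digest ""
    catch {
        ::asn::asnGetSequence plaintext message
        ::asn::asnGetSequence message digestInfo
        ::asn::asnGetOctetString message digest
    }
    return $digest
}

# Comparison as done on the explicit-algo path before the fix:
# the whole ASN.1 structure against the binary hash.
puts "whole structure vs hash: [expr {$plaintext eq $hash}]"

# Comparison after the fix: extracted octet string against the binary hash.
puts "extracted digest vs hash: [expr {[extractDigest $plaintext] eq $hash}]"

# Failure mode: a payload that is not valid DER yields an empty digest.
puts "malformed payload vs hash: [expr {[extractDigest "not DER"] eq $hash}]"
```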