Tcl Library Source Code

Ticket Change Details

Artifact ID: acef47a4faca3365db34e529963e5b5f6822a2f465116cb105879b6f0b6921a4
Ticket: bbdff172a399a771485ddbe9606ce9e2738a5d8c
::pki::verify always returns false when "algo" argument is provided
User & Date: RP. 2020-02-12 11:14:15
Changes

  1. assignee changed to: "nobody"
  2. closer changed to: "nobody"
  3. cmimetype changed to: "text/html"
  4. comment changed to:
    As in summary, when <b>algo</b> argument is provided <b>::pki::verify</b> always returns false.
    The cause, as far as I can tell, is this: when the <b>default</b> algorithm is used, the plaintext value is stripped and converted to an octet string, but when an explicit algo is provided, the final comparison is between the plain text and a binary hash.<br>
    The fix I've made is to always convert <b>plaintext</b> to the octet-string <b>digest</b> (before the <b>if</b> clause):
    <pre style="padding: 10px; border-left: solid 5px gray;">
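    # ::pki::verify --
    #
    #	Check a signature against a message.
    #
    # Arguments:
    #	signedmessage	The signature, as passed to ::pki::decrypt.
    #	checkmessage	The message whose hash the signature should contain.
    #	keylist		Key used for the public-key decryption.
    #	algo		"default" to take the hash algorithm from the signed
    #			block, or an explicit name accepted by the switch below.
    #
    # Results:
    #	"true" when the digest carried in the signed block equals the hash
    #	of checkmessage, "false" otherwise (every non-error path returns the
    #	same pair of boolean strings). Raises an error for an algorithm name
    #	the switch does not know.
    proc ::pki::verify {signedmessage checkmessage keylist {algo default}} {
    	package require asn

    	# A block that cannot be decrypted and unpadded is simply not a valid
    	# signature, so it is reported as a failed verification, not an error.
    	if {[catch {
    		set plaintext [::pki::decrypt -binary -unpad -pub -- $signedmessage $keylist]
    	}]} {
    		return false
    	}

    	# Always unwrap the signed block down to its octet-string digest: the
    	# raw $plaintext can never equal a binary hash, which is why an
    	# explicit algo used to fail. Each asn call consumes what it parsed
    	# from its first variable, so leftovers are visible afterwards.
    	set digest ""
    	set wellformed [expr {![catch {
    		::asn::asnGetSequence plaintext message
    		::asn::asnGetSequence message digestInfo
    		::asn::asnGetOctetString message digest
    	}]}]

    	if {$algo eq "default"} {
    		set algoId "unknown"

    		# Best effort: if the identifier cannot be read or mapped, algoId
    		# stays "unknown" and the switch below raises the error.
    		catch {
    			::asn::asnGetObjectIdentifier digestInfo algoId
    			set algoId [::pki::_oid_number_to_name $algoId]
    		}
    	} else {
    		# NOTE(review): the algorithm identifier inside the signed block is
    		# not compared with the caller's choice here - confirm whether a
    		# mismatch should be rejected.
    		set algoId $algo
    	}

    	switch -- $algoId {
    		"md5" - "md5WithRSAEncryption" {
    			# NOTE(review): unlike the sha1/sha256 branches no -bin flag is
    			# passed - confirm md5::md5 returns binary in the md5 package
    			# version that is loaded.
    			set checkdigest [md5::md5 $checkmessage]
    		}
    		"sha1" - "sha1WithRSAEncryption" {
    			set checkdigest [sha1::sha1 -bin $checkmessage]
    		}
    		"sha256" - "sha256WithRSAEncryption" {
    			set checkdigest [sha2::sha256 -bin $checkmessage]
    		}
    		default {
    			return -code error "Unknown hashing algorithm: $algoId"
    		}
    	}

    	# Strict parsing: the signed block must be exactly one outer sequence
    	# ending with the digest. Bytes left after either element are not part
    	# of a well-formed signature, so the block is rejected rather than
    	# silently ignoring them. $message is only read when parsing succeeded.
    	if {!$wellformed || $plaintext ne "" || $message ne ""} {
    		return false
    	}

    	if {$checkdigest ne $digest} {
    		return false
    	}

    	return true
    }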
    </pre>
    
  5. foundin changed to: "0.10"
  6. is_private changed to: "0"
  7. login: "RP."
  8. priority changed to: "5 Medium"
  9. private_contact changed to: "50d9392564d29f4876848cc135e7ea56eed25957"
  10. resolution changed to: "None"
  11. severity changed to: "Important"
  12. status changed to: "Open"
  13. submitter changed to: "RP."
  14. subsystem changed to: "pki"
  15. title changed to:
    ::pki::verify always returns false when "algo" argument is provided
    
  16. type changed to: "Bug"