Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Abort validation if signature verification fails #90

Open
bjornvolcker opened this issue Jun 23, 2022 · 0 comments
Open

Abort validation if signature verification fails #90

bjornvolcker opened this issue Jun 23, 2022 · 0 comments
Assignees
@bjornvolcker
Labels
bug Something isn't working

Comments

@bjornvolcker
Copy link
Contributor

Please do not disclose security vulnerabilities as issues. See our security policy for responsible disclosures.

Describe the bug

Signature verification is one step in the validation. Unfortunately, some actions are still done upon the SEI even if SEI si not known to be correct. For example, an exported file usually fails the first validation since it does not belong to the file. This first validation is therefore ignored and signals SIGNATURE_PRESENT instead, since we know it is signed (there is a SEI). If the Public key has been changed or other critical data, the signature verification fails. Then NOT_OK should be signaled instead.
@bjornvolcker bjornvolcker added the bug Something isn't working label Jun 23, 2022
@bjornvolcker bjornvolcker mentioned this issue Jun 23, 2022
Merged
6 tasks
@bjornvolcker bjornvolcker self-assigned this Jun 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bjornvolcker bjornvolcker

Labels
bug Something isn't working
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bjornvolcker