[krbdev.mit.edu #8506] PKINIT fails with PKCS#11 middlware that implements PKCS#1 V2.1
Tom Yu via RT
rt-comment at krbdev.mit.edu
Mon Oct 3 17:26:43 EDT 2016
As for "how did this ever work?": it seems that some PKCS #1 signature
verifiers are lenient (which can lead to vulnerabilities), so omitting
the (nominally required) NULL value from the AlgorithmIdentifier
encoding still produces a signature that they will accept. OpenSSL
master seems to do a round trip through DER, with the parameters field
optional (as in the ASN.1 module for PKCS #1).
This one smart card seems to verify the encoding. I don't know how many
other smart cards verify the DigestInfo encoding.
More information about the krb5-bugs
mailing list