Skip to content

Remove verification function which is cryptographically weak #28

Description

@rkeene

The following code updates an introduced a weakness in the verification of certificate signatures. There are no cases where we do not know the curve being used when validating a signature, but this function works around a hypothetical case by trying multiple signature verifications and returning success if any of them pass.

https://github.com/KeetaNetwork/node-rs/pull/26/changes#diff-004a1fd4441a4d4d96a30edfd022e47f5bf2de7e276f397fd1cc4f83e267bce2R742-R753

Any usage of this function would also be a bug.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions