Commit ecbd0720 authored by Olav Morken

SAML2_Utils: Fix for attack against PKCS#1 v1.5 described in a new paper.

See: http://www.nds.rub.de/research/publications/breaking-xml-encryption-pkcs15/

This fix avoids the problems described in that paper by taking two
measures:
- Require that decrypted content is at least 4 bytes, since that is the
  shortest length of an XML element.
- Generate an (invalid) symmetric key that is deterministic for a given
  encrypted key and private key.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3132 44740490-163a-0410-bde0-09ae8108e29a
parent a4967017
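
An added sketch of the two measures in the commit message, written for this page and not taken from the SimpleSAMLphp change itself. The toy RSA key, the HMAC-SHA256 derivation and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed toy RSA key, demo only: two Mersenne primes, 216-bit modulus.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8       # modulus length in bytes (27)
KEY_LEN = 16                        # symmetric key size the cipher expects
PRIV_BYTES = D.to_bytes(K, "big")   # stands in for the serialized private key

def wrap_key(key: bytes) -> bytes:
    """Sender side for the demo; fixed padding bytes instead of random ones."""
    em = b"\x00\x02" + b"\xa5" * (K - 3 - len(key)) + b"\x00" + key
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def pkcs1_v15_unpad(em: bytes) -> bytes:
    """Strip 00 02 PS 00; raise ValueError when the block is malformed."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:   # PS must be at least 8 bytes
        raise ValueError("bad PKCS#1 v1.5 padding")
    return em[sep + 1:]

def fallback_key(encrypted_key: bytes) -> bytes:
    """Invalid key that is deterministic for (private key, encrypted key)."""
    mac = hmac.new(PRIV_BYTES, encrypted_key, hashlib.sha256)  # assumed KDF
    return mac.digest()[:KEY_LEN]

def unwrap_key(encrypted_key: bytes) -> bytes:
    """Always return KEY_LEN bytes; padding and length errors stay hidden."""
    c = int.from_bytes(encrypted_key, "big")
    em = pow(c, D, N).to_bytes(K, "big")
    try:
        key = pkcs1_v15_unpad(em)
    except ValueError:
        return fallback_key(encrypted_key)
    return key if len(key) == KEY_LEN else fallback_key(encrypted_key)

def check_plaintext(data: bytes) -> bytes:
    """Reject decrypted content shorter than 4 bytes, the shortest XML element."""
    if len(data) < 4:
        raise ValueError("decryption failed")   # generic error, no detail
    return data
```

The branches above are not constant-time; the sketch only removes the error-based distinction between a valid and an invalid encrypted key.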