Migrated from: https://gitlab.com/m2crypto/m2crypto/-/issues/95
Created by: Jeremy Cline jeremycline@microsoft.com
Created at: 2016-01-05T18:13:18.274Z
When a signature verification fails, m2crypto fails to clear the error stack. This causes other libraries in the same process to fail if they make assertions about the error stack being empty on initialization, for example. This occurs here: https://gitlab.com/m2crypto/m2crypto/blob/8bbd1126681b87d0fc45ce34bc51a6eafdafc7c9/SWIG/_rsa.i#L409-411
The RSA_verify call appears to result in two errors being placed on the stack: '0x7fa6bb35111a "block type is not 01"' and '0x7fa6bb35141d "padding check failed"'.
Personally I'd prefer the entire stack of errors resulting from a call returned, I'm just not sure how best to format that. It looks like a single call to ERR_get_error is very common in the codebase, so this might not be the only place this causes a problem, either. I think it would be best if every method ensured the stack was empty before making a call and ensured its emptied after each call.
On 2016-01-05T18:23:19.870Z, Jeremy Cline wrote:
bad_stack.py For reference I've attached a Python script that successfully validates a signature and then fails to validate one. If you inspect the error stack just before the rsa_verify call and just after with GDB, you'll see there's more errors on the stack.
Changed on 2016-03-20T22:01:16.783Z by Matěj Cepl:
Milestone changed to 0.25.0
Changed on 2016-07-12T19:15:49.541Z by Matěj Cepl:
Milestone changed to 0.28
Changed on 2017-10-07T21:33:41.153Z by Matěj Cepl:
changed milestone to 0.29
Changed on 2018-02-23T21:19:24.811Z by Matěj Cepl:
removed milestone
Changed on 2018-06-25T20:07:56.686Z by Daniel Alley:
mentioned in issue #217
Changed on 2023-02-03T10:39:00.681Z by Matěj Cepl:
changed the description
(Last edited at 2023-02-03T10:39:00.683Z.)
Changed on 2023-02-03T10:39:00.719Z by Matěj Cepl:
removed time estimate
(Last edited at 2023-02-03T10:39:00.720Z.)
Need to investigate.