Skip to content

RDKB-65466 : secvuln for EVP_verifyfinal#18

Open
ashutoshharry wants to merge 2 commits into
developfrom
bug/RDKB-65466
Open

RDKB-65466 : secvuln for EVP_verifyfinal#18
ashutoshharry wants to merge 2 commits into
developfrom
bug/RDKB-65466

Conversation

@ashutoshharry

Copy link
Copy Markdown

secvuln for EVP_verifyfinal

secvuln for EVP_verifyfinal
Copilot AI review requested due to automatic review settings June 9, 2026 19:03
@ashutoshharry ashutoshharry requested a review from a team as a code owner June 9, 2026 19:03

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the OpenSSL signature verification path to correctly interpret EVP_VerifyFinal() return values, addressing a security issue where verification failures could be treated as successful verification.

Changes:

  • Update EVP_VerifyFinal() result handling to only mark verification as successful when err == 1.
  • Adjust success/failure logging around the verification result.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread source/jst_functions.c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants