Key vulnerability information

E03: HMAC Truncation (CVE-2009-0217)
- Class: Substantive
- Affects Conformance: Yes
- Description:
  - The parameter is used for HMAC algorithms. If this parameter is trusted without further verification, it can lead to a security bypass. Signatures must be deemed invalid if the truncation length is below half the underlying hash algorithm's output length, or 80 bits, whichever is greater.
- Impact:
  - Addresses a vulnerability in XML Signature implementations, where trusting the truncation length without verification can lead to security bypass.

E04: HMAC Padding
- Class: Substantive
- Affects Conformance: Yes
- Description:
  - For best interoperability, HMACOutputLength should be set to a value that is a multiple of 8. If not divisible by 8, verifiers may use the nearest multiple of 8 that is smaller. This optional cut-off is equivalent to ignoring the rightmost 1-7 bits of the HMAC's output.
- Impact:
  - Ensures better interoperability and security by handling HMAC padding correctly.

These errata address substantive issues that affect the conformance and security of XML Signature implementations, particularly around HMAC truncation and padding.
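
A verifier-side check that applies the E03 floor and the E04 round-down before any bytes are compared. This is an added example, not code from the errata or from any XML Signature implementation; `verify_hmac` and `min_output_bits` are hypothetical names, and the upper-bound and signature-length checks are assumptions of this example.

```python
import hmac

# Output sizes in bits of the hash algorithms this example supports.
HASH_BITS = {"sha1": 160, "sha256": 256, "sha512": 512}


def min_output_bits(hash_name):
    """E03 floor: half the hash output length or 80 bits, whichever is greater."""
    return max(HASH_BITS[hash_name] // 2, 80)


def verify_hmac(key, signed_info, sig_value, hash_name, output_len_bits=None):
    """Return True only if sig_value is an acceptable HMAC over signed_info.

    output_len_bits is the HMACOutputLength taken from the (untrusted)
    signature; None means the element was absent and no truncation applies.
    """
    full = hmac.new(key, signed_info, hash_name).digest()
    if output_len_bits is None:
        return hmac.compare_digest(full, sig_value)

    # E03: the length comes from the signer, so enforce the floor before
    # comparing. Without this, a length of 8 leaves one byte to match.
    if output_len_bits < min_output_bits(hash_name):
        return False
    # Assumption of this example: a length above the hash output is rejected.
    if output_len_bits > HASH_BITS[hash_name]:
        return False
    # Assumption of this example: the value carries ceil(bits / 8) bytes.
    if len(sig_value) != (output_len_bits + 7) // 8:
        return False

    # E04: when the length is not a multiple of 8, use the nearest smaller
    # multiple, i.e. ignore the rightmost 1-7 bits. The floors above are
    # multiples of 8, so rounding down never drops below them.
    whole_bytes = output_len_bits // 8
    return hmac.compare_digest(full[:whole_bytes], sig_value[:whole_bytes])
```
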