author | steve <steve> | 2012-02-15 14:27:24 +0000 |
---|---|---|
committer | steve <steve> | 2012-02-15 14:27:24 +0000 |
commit | e9da4a886df418440f0884ed27e0393bdc8faee0 (patch) | |
tree | e31fc2d150e191f5fff2753174c7960cd1192cd0 | |
parent | 9524cc75db7a74dd04fee09e199f66d77e3927c1 (diff) | |
download | openssl-e9da4a886df418440f0884ed27e0393bdc8faee0.tar.gz |
Additional compatibility fix for MDC2 signature format.
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | crypto/rsa/rsa_pmeth.c | 15 |
2 files changed, 18 insertions, 1 deletions
@@ -274,6 +274,10 @@
 the correct format in RSA_verify so both forms transparently work.
 [Steve Henson]
 
+ *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+ STRING form instead of a DigestInfo.
+ [Steve Henson]
+
 *) Some servers which support TLS 1.0 can choke if we initially indicate
 support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
 encrypted premaster secret. As a workaround use the maximum pemitted
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index caee3f6af..a59e2ee4c 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -169,7 +169,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 RSA_R_INVALID_DIGEST_LENGTH);
 return -1;
 }
- if (rctx->pad_mode == RSA_X931_PADDING)
+
+ if (EVP_MD_type(rctx->md) == NID_mdc2)
+ {
+ unsigned int sltmp;
+ if (rctx->pad_mode != RSA_PKCS1_PADDING)
+ return -1;
+ ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
+ tbs, tbslen, sig, &sltmp, rsa);
+
+ if (ret <= 0)
+ return ret;
+ ret = sltmp;
+ }
+ else if (rctx->pad_mode == RSA_X931_PADDING)
 {
 if (!setup_tbuf(rctx, ctx))
 return -1;
|
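Review bot: The new `if (rctx->pad_mode != RSA_PKCS1_PADDING) return -1;` in the MDC2 branch of pkey_rsa_sign fails without recording a reason, while the digest-length check directly above it raises RSA_R_INVALID_DIGEST_LENGTH before returning -1, so a caller that combined MDC2 with X9.31 or PSS padding gets a bare failure and an empty error queue. Adding `RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);` before that return keeps the path consistent with the rest of the function. The branch also deserves a comment saying why MDC2 is special-cased, since nothing in the code explains it, e.g. `/* Legacy MDC2 signatures wrap the digest in an ASN1 OCTET STRING rather than a DigestInfo; sign in that form for compatibility. Note the OCTET STRING form carries no digest algorithm identifier. */`. The `ret = sltmp;` assignment presumably feeds the `*siglen` update at the end of pkey_rsa_sign, which lies outside the hunk along with the function's start.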