Additional compatibility fix for MDC2 signature format.

Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature: this will make all versions of MDC2 signature equivalent.

Additional compatibility fix for MDC2 signature format.
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature: this will make all versions of MDC2 signature equivalent.
58631637 · Dr. Stephen Henson · 83cb7c46 · 58631637 · 58631637
隐藏空白更改
内联并排

Showing with 18 addition and 1 deletion

CHANGES CHANGES +4 -0

crypto/rsa/rsa_pmeth.c crypto/rsa/rsa_pmeth.c +14 -1

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -274,6 +274,10 @@
     the correct format in RSA_verify so both forms transparently work.
     [Steve Henson]

+  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+     STRING form instead of a DigestInfo.
+     [Steve Henson]
+
  *) Some servers which support TLS 1.0 can choke if we initially indicate
     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
     encrypted premaster secret. As a workaround use the maximum pemitted

--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -169,7 +169,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 					RSA_R_INVALID_DIGEST_LENGTH);
 			return -1;
 			}
-		if (rctx->pad_mode == RSA_X931_PADDING)
+
+		if (EVP_MD_type(rctx->md) == NID_mdc2)
+			{
+			unsigned int sltmp;
+			if (rctx->pad_mode != RSA_PKCS1_PADDING)
+				return -1;
+			ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
+						tbs, tbslen, sig, &sltmp, rsa);
+
+			if (ret <= 0)
+				return ret;
+			ret = sltmp;
+			}
+		else if (rctx->pad_mode == RSA_X931_PADDING)
 			{
 			if (!setup_tbuf(rctx, ctx))
 				return -1;