Commit 58631637 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Additional compatibility fix for MDC2 signature format.

Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
parent 83cb7c46
+4 −0
@@ -274,6 +274,10 @@
     the correct format in RSA_verify so both forms transparently work.
     [Steve Henson]

  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
     STRING form instead of a DigestInfo.
     [Steve Henson]

  *) Some servers which support TLS 1.0 can choke if we initially indicate
     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
     encrypted premaster secret. As a workaround use the maximum pemitted
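Review bot: the new CHANGES entry describes only the verification side ("Add compatibility with old MDC2 signatures which use an ASN1 OCTET STRING form instead of a DigestInfo"), while the commit message says the RSA EVP_PKEY_METHOD signing path now emits the OCTET STRING form so that all versions of MDC2 signatures become equivalent. The entry should say that too, since it changes the bytes produced by EVP_PKEY_sign for MDC2 and a reader comparing signatures across releases will want to know why they differ; something like "The RSA EVP_PKEY_METHOD now produces the OCTET STRING form when signing with MDC2" after the existing sentence would cover it.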
+14 −1
@@ -169,7 +169,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
					RSA_R_INVALID_DIGEST_LENGTH);
			return -1;
			}
		if (rctx->pad_mode == RSA_X931_PADDING)

		if (EVP_MD_type(rctx->md) == NID_mdc2)
			{
			unsigned int sltmp;
			if (rctx->pad_mode != RSA_PKCS1_PADDING)
				return -1;
			ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
						tbs, tbslen, sig, &sltmp, rsa);

			if (ret <= 0)
				return ret;
			ret = sltmp;
			}
		else if (rctx->pad_mode == RSA_X931_PADDING)
			{
			if (!setup_tbuf(rctx, ctx))
				return -1;
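Review bot: the new MDC2 branch returns -1 when `rctx->pad_mode != RSA_PKCS1_PADDING` without pushing an error, so a caller that asks for X9.31 or PSS padding with MDC2 gets a bare failure and an empty error queue, unlike the digest-length check just above it, which reports RSA_R_INVALID_DIGEST_LENGTH before returning. Add an RSAerr call with an appropriate reason code (RSA_R_INVALID_PADDING_MODE fits) before that `return -1;`. Two smaller points in the same block: `tbslen` is a `size_t` but RSA_sign_ASN1_OCTET_STRING takes the message length as `unsigned int`, so the implicit narrowing deserves either a cast or a comment; and `ret = sltmp;` stores an `unsigned int` into the `int` result, so a comment that `ret` now carries the signature length (as the caller presumably copies it into `*siglen`) would make the control flow easier to follow next to the `ret <= 0` check.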