generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

An incompatibility has always existed between the format used for RSA

Browse Source 
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
This commit is contained in:
Dr. Stephen Henson
2012-02-15 14:04:00 +00:00
parent 04296664e0
commit 83cb7c4635
2 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
crypto/rsa/rsa_sign.c
View File

@@ -182,6 +182,22 @@ int int_rsa_verify(int dtype, const unsigned char *m,
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
if (i <= 0) goto err;
/* Oddball MDC2 case: signature can be OCTET STRING.
* check for correct tag and length octets.
*/
if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
{
if (rm)
{
memcpy(rm, s + 2, 16);
*prm_len = 16;
ret = 1;
}
else if(memcmp(m, s + 2, 16))
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
else
ret = 1;
}
/* Special case: SSL signature */
if(dtype == NID_md5_sha1) {