Additional compatibility fix for MDC2 signature format.

Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.

diff --git a/CHANGES b/CHANGES
index cd3500f8445d325e571e029b9b700eabc488b45d..43961e0aa154a770e7f3a298fdf758c7fb5303ff 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.0f and 1.0.1  [xx XXX xxxx]
 
+  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+     STRING form instead of a DigestInfo.
+     [Steve Henson]
+
   *) The format used for MDC2 RSA signatures is inconsistent between EVP
      and the RSA_sign/RSA_verify functions. This was made more apparent when
      OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular

diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 2177f3f5c546d5d52207584f35414fc9a4340db2..5b2ecf56adc7343b8661ac4c9c4222a00dde5a10 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -222,7 +222,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                        return ret;
                        }
 #endif
-               if (rctx->pad_mode == RSA_X931_PADDING)
+
+               if (EVP_MD_type(rctx->md) == NID_mdc2)
+                       {
+                       unsigned int sltmp;
+                       if (rctx->pad_mode != RSA_PKCS1_PADDING)
+                               return -1;
+                       ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
+                                               tbs, tbslen, sig, &sltmp, rsa);
+
+                       if (ret <= 0)
+                               return ret;
+                       ret = sltmp;
+                       }
+               else if (rctx->pad_mode == RSA_X931_PADDING)
                        {
                        if (!setup_tbuf(rctx, ctx))
                                return -1;