An incompatibility has always existed between the format used for RSA

signatures and MDC2 using EVP or RSA_sign. This has become more apparent when the dgst utility in OpenSSL 1.0.0 and later switched to using the EVP_DigestSign functions which call RSA_sign. This means that the signature format OpenSSL 1.0.0 and later used with dgst -sign and MDC2 is incompatible with previous versions. Add detection in RSA_verify so either format works. Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
author: Dr. Stephen Henson <steve@openssl.org> 2012-02-15 14:04:00 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-02-15 14:04:00 +0000
commit: 83cb7c46353b849b9511f1328a06a1ef33baf5c8 (patch)
tree: 1827ba26ae169613ed204c7a045cca0272cf8628 /CHANGES
parent: 04296664e05ed98128e35d25c1e03e162703b912 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 37124447a9..d4163ca955 100644
--- a/CHANGES
+++ b/CHANGES
@@ -267,6 +267,13 @@
   
  Changes between 1.0.0f and 1.0.1  [xx XXX xxxx]
 
+  *) The format used for MDC2 RSA signatures is inconsistent between EVP
+     and the RSA_sign/RSA_verify functions. This was made more apparent when
+     OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular
+     those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect 
+     the correct format in RSA_verify so both forms transparently work.
+     [Steve Henson]
+
   *) Some servers which support TLS 1.0 can choke if we initially indicate
      support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
      encrypted premaster secret. As a workaround use the maximum pemitted
author	Dr. Stephen Henson <steve@openssl.org>	2012-02-15 14:04:00 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-02-15 14:04:00 +0000
commit	83cb7c46353b849b9511f1328a06a1ef33baf5c8 (patch)
tree	1827ba26ae169613ed204c7a045cca0272cf8628 /CHANGES
parent	04296664e05ed98128e35d25c1e03e162703b912 (diff)