On Fri, Jun 18, 1999 at 09:54:27AM +0200, Dror Otmi wrote:
> As you asked I send you two of those
> requests that pass the verification test of SSLeay 0.8.1 but not of
> OpenSSL 0.9.2b and higher (I didn't test the versions in between).
I tested DrorReq.pem with SSLeay 0.8.1b (which, I think, is like 0.8.1
except for a change related to the Bleichenbacher attack on PKCS #1,
which did not have any effect on any actual computations), and
verification failed also with that version. Both with 0.8.1b and
0.9.2b, the hash can be obtained from the RSA signature and has
correct length etc., but differs from the one computed for
verification.
All this seems to suggest that in 0.8.1 there was a platform-specific
bug in either the encoding functions used by i2d_X509_REQ_INFO (most
likely in the integer encoding), or in the hash computation. On what
platform ("Configure" entry) did you compile and use 0.8.1?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
