Dr. Stephen Henson wrote:
On Wed, Feb 01, 2012, Roumen Petrov wrote:
[SNIP]
Looking into this there is a long standing incompatibility between
various functions that use mdc2 for signatures. Since SSLeay the
function RSA_sign() using mdc2 as an argument uses a DigestInfo
structure whereas using EVP ends up with a different octet string
format signature. It's only when the signature code was revised to use
RSA_sign more extensively that this is more apparent. How widespread
is use of mdc2 for signatures and certificates?
mdc2 is not important for certificates as the list of certificates
included in some linux distributions does not include such certificates.
Is possible issue between 1.0.0 and 1.0.1stable branch to be related to
different RSA methods:
- 1.0.0e: Eric Young's PKCS#1 RSA
- 1.0.1branch: Intel RSA-X method
I can address the 1.0.1 certificate issue fairly easily but I'm wondering if
some compatibility option is needed for dgst too.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see:http://www.openssl.org
______________________________________________________________________
Roumen
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
