author lloyd <[email protected]> 2008-11-28 15:35:35 +0000
committer lloyd <[email protected]> 2008-11-28 15:35:35 +0000
commit 360506bec77e135919ec9d45fd1f441f3ca87303 (patch)
tree 24bba04a9d08a967143e2a4e95369e4e0089e237
parent 45cd53a6adeadf417a77353d0443bbe67d337087 (diff)
Rickard Bondesson reported on the mailing list that he had noticed
a discrepancy between OpenSSL and Botan when generating SHA-512/EMSA3 signatures. In fact it turns out that the EMSA3 identifier for SHA-512 contained a typo and was incorrect. Unfortunately this means that SHA-512/EMSA3 signatures generated by Botan up until now will not be accepted by other implementations, and the signatures by other implementations would not be accepted by Botan. Currently I am not making any provision for backwards compatibility with the old incorrect hash identifier, since I am assuming/guessing that SHA-512/EMSA3 is not a very common combination.
-rw-r--r-- doc/log.txt 1
-rw-r--r-- doc/thanks.txt 5
-rw-r--r-- src/pk_pad/hash_id/hash_id.cpp 24
3 files changed, 18 insertions, 12 deletions
diff --git a/doc/log.txt b/doc/log.txt
index 4c2fbc373..87427e7c1 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -3,6 +3,7 @@
- Wrap private structs in SSE2 SHA-1 code in anonymous namespace
- Change configure.pl's CPU autodetection output to be more consistent
- Disable using OpenSSL's AES due to crashes
+ - Fix a compatibility problem with SHA-512/EMSA3 signature padding
- Fix bug preventing EGD entropy poller from working
- Fix warning in /proc walking entropy poller
- Fix compilation with IBM XLC for Cell 0.9
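Review bot: The new changelog line "Fix a compatibility problem with SHA-512/EMSA3 signature padding" understates the impact described in the commit message: SHA-512/EMSA3 signatures produced by earlier Botan releases will no longer verify, and no backwards-compatibility path is provided. Users scanning doc/log.txt should be told that, e.g. "- Fix incorrect SHA-512/EMSA3 hash identifier; SHA-512/EMSA3 signatures from earlier versions are not compatible".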
diff --git a/doc/thanks.txt b/doc/thanks.txt
index b6a3ef30b..caa2fb538 100644
--- a/doc/thanks.txt
+++ b/doc/thanks.txt
@@ -3,6 +3,7 @@ The following people (sorted alphabetically) contributed bug reports, useful
information, or were generally just helpful people to talk to:
Jeff B
+Rickard Bondesson
Mike Desjardins
Matthew Gregan
Hany Greiss
@@ -16,10 +17,12 @@ Kaushik Veeraraghavan
Dominik Vogt
James Widener
+Cerulean Studios, creators of the Trillian instant messaging client,
+has provided financial assistance to the project.
+
Barry Kavanagh of AEP Systems Ltd kindly provided an AEP2000 crypto card and
drivers, enabling the creation of Botan's AEP engine module.
-
In addition, the following people have unknowingly contributed help:
Dean Gaudet <[email protected]> wrote the SSE2 implementation of SHA-1
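Review bot: The Cerulean Studios acknowledgement and the removed blank line before "In addition, the following people..." are unrelated to the SHA-512 identifier fix and would be easier to review and bisect as a separate documentation commit; only the Rickard Bondesson credit in the previous hunk belongs with this change.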
diff --git a/src/pk_pad/hash_id/hash_id.cpp b/src/pk_pad/hash_id/hash_id.cpp
index 123a0de0e..7f375371f 100644
--- a/src/pk_pad/hash_id/hash_id.cpp
+++ b/src/pk_pad/hash_id/hash_id.cpp
@@ -1,7 +1,7 @@
-/*************************************************
-* Hash Function Identification Source File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
+/*
+* Hash Function Identification Source File
+* (C) 1999-2008 Jack Lloyd
+*/
#include <botan/hash_id.h>
#include <botan/exceptn.h>
@@ -39,7 +39,7 @@ const byte SHA_384_ID[] = {
0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 };
const byte SHA_512_ID[] = {
-0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 };
const byte TIGER_ID[] = {
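Review bot: The corrected outer SEQUENCE length 0x51 is consistent with the rest of the SHA_512_ID table: the inner AlgorithmIdentifier is 2 + 0x0D = 15 bytes and the OCTET STRING is 2 + 0x40 = 66 bytes, giving 81 = 0x51, whereas the old 0x31 (49) could never frame a 64-byte digest, which is why the encodings disagreed with OpenSSL. The SHA_384_ID entry above follows the same pattern (0x41 = 15 + 2 + 0x30). Nothing in this patch stops the same typo recurring in another table; a unit test that checks each `*_ID` array against its digest length (outer length == inner SEQUENCE length + 2 + digest length + 2) or a known-answer comparison of `pkcs_hash_id("SHA-512")` against the DER prefix listed in RFC 3447 section 9.2 would catch it.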
@@ -48,9 +48,11 @@ const byte TIGER_ID[] = {
}
-/*************************************************
-* Return the HashID, as specified by PKCS *
-*************************************************/
+/**
+* @return HashID as specified by PKCS
+* For details see RFC 3447 section 9.2
+* http://tools.ietf.org/html/rfc3447#section-9.2
+*/
MemoryVector<byte> pkcs_hash_id(const std::string& name)
{
MemoryVector<byte> out;
@@ -83,9 +85,9 @@ MemoryVector<byte> pkcs_hash_id(const std::string& name)
throw Invalid_Argument("No PKCS #1 identifier for " + name);
}
-/*************************************************
-* Return the HashID, as specified by IEEE 1363 *
-*************************************************/
+/**
+* @return HashID as specified by IEEE 1363/X9.31
+*/
byte ieee1363_hash_id(const std::string& name)
{
if(name == "RIPEMD-160") return 0x31;