pkcs7: allow unknown and legacy signature data OIDs to be imported

This allows to decode very old PKCS#7 structures where the content is not an octet string. In addition, it introduces gnutls_pkcs7_get_embedded_data_oid() to obtain the OID of the signature data.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-10-07 12:06:37 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-10-11 13:59:41 +0200
commit: 8d4b93d7beae6831f950f3f89c8688f01cd04f34 (patch)
tree: f2a6f1dc3a3b739542f00edc343bb6a86601ffdb /lib/pkix.asn
parent: 8d3485e299779dc8bf1e38a1a0a275a4df2363bb (diff)
download: gnutls-8d4b93d7beae6831f950f3f89c8688f01cd04f34.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/pkix.asn b/lib/pkix.asn
index 6b6b427a71..20aa7904db 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -349,9 +349,12 @@ pkcs-7-SignedData ::= SEQUENCE {
 
 pkcs-7-DigestAlgorithmIdentifiers ::= SET OF AlgorithmIdentifier
 
+-- rfc5652: eContent [0] EXPLICIT OCTET STRING OPTIONAL
+-- rfc2315: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
+
 pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
   eContentType pkcs-7-ContentType,
-  eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+  eContent [0] EXPLICIT ANY OPTIONAL }
 
 -- We don't use CertificateList here since we only want
 -- to read the raw data.
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-10-07 12:06:37 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-10-11 13:59:41 +0200
commit	8d4b93d7beae6831f950f3f89c8688f01cd04f34 (patch)
tree	f2a6f1dc3a3b739542f00edc343bb6a86601ffdb /lib/pkix.asn
parent	8d3485e299779dc8bf1e38a1a0a275a4df2363bb (diff)
download	gnutls-8d4b93d7beae6831f950f3f89c8688f01cd04f34.tar.gz