From 8d4b93d7beae6831f950f3f89c8688f01cd04f34 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 7 Oct 2016 12:06:37 +0200
Subject: pkcs7: allow unknown and legacy signature data OIDs to be imported

This allows to decode very old PKCS#7 structures where the content is not
an octet string. In addition, it introduces gnutls_pkcs7_get_embedded_data_oid()
to obtain the OID of the signature data.
---
 lib/pkix.asn | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'lib/pkix.asn')

diff --git a/lib/pkix.asn b/lib/pkix.asn
index 6b6b427a71..20aa7904db 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -349,9 +349,12 @@ pkcs-7-SignedData ::= SEQUENCE {
 
 pkcs-7-DigestAlgorithmIdentifiers ::= SET OF AlgorithmIdentifier
 
+-- rfc5652: eContent [0] EXPLICIT OCTET STRING OPTIONAL
+-- rfc2315: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
+
 pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
   eContentType pkcs-7-ContentType,
-  eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+  eContent [0] EXPLICIT ANY OPTIONAL }
 
 -- We don't use CertificateList here since we only want
 -- to read the raw data.
-- 
cgit v1.2.1