Workaround for some CMS signature formats.

Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
(cherry picked from commit 3a98f9cf20c6af604799ee079bec496b296bb5cc)

1 files changed, 7 insertions, 1 deletions

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index db926b0e42..929193b4fa 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -700,7 +700,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
 
 static int rsa_cms_verify(CMS_SignerInfo *si)
 	{
-	int nid;
+	int nid, nid2;
 	X509_ALGOR *alg;
 	EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
 	CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
@@ -709,6 +709,12 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
 		return 1;
 	if (nid == NID_rsassaPss)
 		return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+	/* Workaround for some implementation that use a signature OID */
+	if (OBJ_find_sigid_algs(nid, NULL, &nid2))
+		{
+		if (nid2 == NID_rsaEncryption)
+			return 1;
+		}
 	return 0;
 	}