diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-03-19 17:28:01 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-19 17:29:55 +0000 |
commit | 66243398bbb3d8ad0f77532905955a9a564f2d4f (patch) | |
tree | 6ec9de3fbb73647c45cabcfc5c87aaa8e676012b | |
parent | aa10982c49c941799b4229cc9b081dcc738f6ee8 (diff) | |
download | openssl-new-66243398bbb3d8ad0f77532905955a9a564f2d4f.tar.gz |
Workaround for some CMS signature formats.
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
(cherry picked from commit 3a98f9cf20c6af604799ee079bec496b296bb5cc)
-rw-r--r-- | crypto/rsa/rsa_ameth.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index db926b0e42..929193b4fa 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -700,7 +700,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, static int rsa_cms_verify(CMS_SignerInfo *si) { - int nid; + int nid, nid2; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); @@ -709,6 +709,12 @@ static int rsa_cms_verify(CMS_SignerInfo *si) return 1; if (nid == NID_rsassaPss) return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); + /* Workaround for some implementation that use a signature OID */ + if (OBJ_find_sigid_algs(nid, NULL, &nid2)) + { + if (nid2 == NID_rsaEncryption) + return 1; + } return 0; } |