Workaround for some CMS signature formats.

Some CMS SignedData structure use a signature algorithm OID such as SHA1WithRSA instead of the RSA algorithm OID. Workaround this case by tolerating the signature if we recognise the OID.
author: Dr. Stephen Henson <steve@openssl.org> 2014-03-19 17:28:01 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-03-19 17:28:01 +0000
commit: 3a98f9cf20c6af604799ee079bec496b296bb5cc (patch)
tree: dafcb88ccdb73d58f62d8739a96b3b0a85904e0b /crypto/rsa/rsa_ameth.c
parent: f04665a653665cd6432b9adfeb7c7f12a7447d26 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index db926b0e42..929193b4fa 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -700,7 +700,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
 
 static int rsa_cms_verify(CMS_SignerInfo *si)
 	{
-	int nid;
+	int nid, nid2;
 	X509_ALGOR *alg;
 	EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
 	CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
@@ -709,6 +709,12 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
 		return 1;
 	if (nid == NID_rsassaPss)
 		return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+	/* Workaround for some implementation that use a signature OID */
+	if (OBJ_find_sigid_algs(nid, NULL, &nid2))
+		{
+		if (nid2 == NID_rsaEncryption)
+			return 1;
+		}
 	return 0;
 	}
author	Dr. Stephen Henson <steve@openssl.org>	2014-03-19 17:28:01 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-03-19 17:28:01 +0000
commit	3a98f9cf20c6af604799ee079bec496b296bb5cc (patch)
tree	dafcb88ccdb73d58f62d8739a96b3b0a85904e0b /crypto/rsa/rsa_ameth.c
parent	f04665a653665cd6432b9adfeb7c7f12a7447d26 (diff)