diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-03-19 17:28:01 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-19 17:28:01 +0000 |
commit | 3a98f9cf20c6af604799ee079bec496b296bb5cc (patch) | |
tree | dafcb88ccdb73d58f62d8739a96b3b0a85904e0b /crypto/rsa/rsa_ameth.c | |
parent | f04665a653665cd6432b9adfeb7c7f12a7447d26 (diff) |
Workaround for some CMS signature formats.
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
Diffstat (limited to 'crypto/rsa/rsa_ameth.c')
-rw-r--r-- | crypto/rsa/rsa_ameth.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index db926b0e42..929193b4fa 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -700,7 +700,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, static int rsa_cms_verify(CMS_SignerInfo *si) { - int nid; + int nid, nid2; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); @@ -709,6 +709,12 @@ static int rsa_cms_verify(CMS_SignerInfo *si) return 1; if (nid == NID_rsassaPss) return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); + /* Workaround for some implementation that use a signature OID */ + if (OBJ_find_sigid_algs(nid, NULL, &nid2)) + { + if (nid2 == NID_rsaEncryption) + return 1; + } return 0; } |