diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-03-19 17:28:01 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-19 17:29:55 +0000 |
commit | 66243398bbb3d8ad0f77532905955a9a564f2d4f (patch) | |
tree | 6ec9de3fbb73647c45cabcfc5c87aaa8e676012b /crypto/rsa | |
parent | aa10982c49c941799b4229cc9b081dcc738f6ee8 (diff) |
Workaround for some CMS signature formats.
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
(cherry picked from commit 3a98f9cf20c6af604799ee079bec496b296bb5cc)
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/rsa_ameth.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index db926b0e42..929193b4fa 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -700,7 +700,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, static int rsa_cms_verify(CMS_SignerInfo *si) { - int nid; + int nid, nid2; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); @@ -709,6 +709,12 @@ static int rsa_cms_verify(CMS_SignerInfo *si) return 1; if (nid == NID_rsassaPss) return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); + /* Workaround for some implementation that use a signature OID */ + if (OBJ_find_sigid_algs(nid, NULL, &nid2)) + { + if (nid2 == NID_rsaEncryption) + return 1; + } return 0; } |