authorTomas Mraz <tomas@openssl.org>2021-04-14 16:35:28 +0200
committerTomas Mraz <tomas@openssl.org>2021-04-15 18:09:37 +0200
commita56fcf20da9e2bbc73aa3cf503204bdb44cb023f (patch)
tree9f04ad6944ca3b36cda4200903ad3f3b339d6866 /providers/common
parentddf0d149e2fd0d894eec08f7237f5a686fc85575 (diff)
Add OID for mdc2WithRSASignature and remove related TODO 3.0
Fixes #14366 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14874)
Diffstat (limited to 'providers/common')
-rw-r--r--providers/common/der/RSA.asn16
-rw-r--r--providers/common/der/der_rsa_sig.c11
2 files changed, 14 insertions, 3 deletions
diff --git a/providers/common/der/RSA.asn1 b/providers/common/der/RSA.asn1
index 6ba99daa7c..e3cd714d1c 100644
--- a/providers/common/der/RSA.asn1
+++ b/providers/common/der/RSA.asn1
@@ -69,10 +69,14 @@ id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 }
-- -------------------------------------------------------------------
-- These OID's exist in the codebase but may need to be deprecated at some point.
--- mdc2 and md5_sha1 have been omitted as they do not look like valid entries.
+-- md5_sha1 has been omitted as it does not look like valid entry.
md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2
}
+
+mdc2WithRSASignature OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) mdc2WithRSASignature(14)
+}
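Review bot: The rewritten comment says md5_sha1 "does not look like valid entry" without giving a reason, while the comment this commit adds in der_rsa_sig.c states it directly: there is no valid OID for it. Suggest `-- md5_sha1 has been omitted as there is no valid OID for it.` so the two files agree. Since this block is headed as OIDs that may need to be deprecated, a one-line comment above `mdc2WithRSASignature` saying it is defined only so existing MDC2 signatures can still be encoded would make the intent clear to whoever later revisits the deprecation.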
diff --git a/providers/common/der/der_rsa_sig.c b/providers/common/der/der_rsa_sig.c
index aa49968a5b..08d00641e9 100644
--- a/providers/common/der/der_rsa_sig.c
+++ b/providers/common/der/der_rsa_sig.c
@@ -21,6 +21,8 @@
ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384
#define ossl_der_oid_sha3_512WithRSAEncryption \
ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
+#define ossl_der_oid_mdc2WithRSAEncryption \
+ ossl_der_oid_mdc2WithRSASignature
#define MD_with_RSA_CASE(name, var) \
case NID_##name: \
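Review bot: The new alias maps an `...WithRSAEncryption` name onto an `...WithRSASignature` symbol, unlike the neighbouring aliases, which only respell the same algorithm name, and nothing records why. A comment such as `/* The OIW OID is named mdc2WithRSASignature; alias it to the name MD_with_RSA_CASE expects */` would keep a reader from suspecting a copy-paste slip. That the macro builds the `ossl_der_oid_<md>WithRSAEncryption` name is inferred from the existing aliases, because the body of `MD_with_RSA_CASE` continues outside the hunk.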
@@ -40,7 +42,7 @@ int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
MD_with_RSA_CASE(md5, precompiled);
MD_with_RSA_CASE(md4, precompiled);
MD_with_RSA_CASE(ripemd160, precompiled);
-/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
+ MD_with_RSA_CASE(mdc2, precompiled);
#endif
MD_with_RSA_CASE(sha1, precompiled);
MD_with_RSA_CASE(sha224, precompiled);
@@ -54,7 +56,12 @@ int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
MD_with_RSA_CASE(sha3_384, precompiled);
MD_with_RSA_CASE(sha3_512, precompiled);
default:
- return 0;
+ /*
+ * Hash algorithms for which we do not have a valid OID
+ * such as md5sha1 will just fail to provide the der encoding.
+ * That does not prevent producing signatures if OID is not needed.
+ */
+ return -1;
}
return ossl_DER_w_begin_sequence(pkt, tag)
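Review bot: The `default:` branch now returns `-1`, which is truthy in C, so any caller that still tests this function with `!ret` or chains it with `&&` will treat an unsupported digest as success and go on to use an AlgorithmIdentifier that was never written. The callers are not part of this view (the diffstat is limited to providers/common), so confirm each one distinguishes the three outcomes, for example `if (ret > 0)` for an encoded identifier, `ret == 0` for a DER write error and `ret < 0` for a digest with no OID. The contract should also be stated above the function, along the lines of `/* Returns 1 on success, 0 on a DER write error, -1 if the digest has no RSA signature OID */`. That the final `return` yields 1 or 0 is inferred, since the function body continues outside the hunk.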