generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Workaround for some CMS signature formats.

Browse Source 
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
This commit is contained in:
Dr. Stephen Henson 2014-03-19 17:28:01 +00:00
parent f04665a653
commit 3a98f9cf20
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/rsa/rsa_ameth.c
View File

@ -700,7 +700,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
static int rsa_cms_verify(CMS_SignerInfo *si)
{
int nid;
int nid, nid2;
X509_ALGOR *alg;
EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
@ -709,6 +709,12 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
return 1;
if (nid == NID_rsassaPss)
return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
/* Workaround for some implementation that use a signature OID */
if (OBJ_find_sigid_algs(nid, NULL, &nid2))
{
if (nid2 == NID_rsaEncryption)
return 1;
}
return 0;
}