generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Workaround for some CMS signature formats.

Browse Source 
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
(cherry picked from commit 3a98f9cf20c6af604799ee079bec496b296bb5cc)
This commit is contained in:
Dr. Stephen Henson 2014-03-19 17:28:01 +00:00
parent aa10982c49
commit 66243398bb
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/rsa/rsa_ameth.c
View File

@ -700,7 +700,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
static int rsa_cms_verify(CMS_SignerInfo *si)
{
int nid;
int nid, nid2;
X509_ALGOR *alg;
EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
@ -709,6 +709,12 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
return 1;
if (nid == NID_rsassaPss)
return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
/* Workaround for some implementation that use a signature OID */
if (OBJ_find_sigid_algs(nid, NULL, &nid2))
{
if (nid2 == NID_rsaEncryption)
return 1;
}
return 0;
}