tolerate broken CMS/PKCS7 implementations using signature OID instead of digest

author Dr. Stephen Henson <steve@openssl.org>

Tue, 2 Feb 2010 14:19:54 +0000 (14:19 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 2 Feb 2010 14:19:54 +0000 (14:19 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 2 Feb 2010 14:19:54 +0000 (14:19 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 2 Feb 2010 14:19:54 +0000 (14:19 +0000)
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c

index 8e6c1d29a52cc84b70e4e4ac4ffea32d994ea5f1..cc00526d3e076361b8b43e51d8f4940d853409ec 100644 (file)
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -415,7 +415,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                         return 0;
                         }
                 BIO_get_md_ctx(chain, &mtmp);
-               if (EVP_MD_CTX_type(mtmp) == nid)
+               if (EVP_MD_CTX_type(mtmp) == nid
+               /* Workaround for broken implementations that use signature
+                * algorithm  OID instead of digest.
+                */
+                       || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
                         {
                         EVP_MD_CTX_copy_ex(mctx, mtmp);
                         return 1;
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 2 Feb 2010 14:19:54 +0000 (14:19 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 2 Feb 2010 14:19:54 +0000 (14:19 +0000)