projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
f04665a
)
Workaround for some CMS signature formats.
author
Dr. Stephen Henson
<steve@openssl.org>
Wed, 19 Mar 2014 17:28:01 +0000
(17:28 +0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Wed, 19 Mar 2014 17:28:01 +0000
(17:28 +0000)
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
crypto/rsa/rsa_ameth.c
patch
|
blob
|
history
diff --git
a/crypto/rsa/rsa_ameth.c
b/crypto/rsa/rsa_ameth.c
index db926b0e4260a8f67959c4502c37dd7002bf11ae..929193b4fa518ae5268d413dffbb25a183fa4c91 100644
(file)
--- a/
crypto/rsa/rsa_ameth.c
+++ b/
crypto/rsa/rsa_ameth.c
@@
-700,7
+700,7
@@
static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
static int rsa_cms_verify(CMS_SignerInfo *si)
{
- int nid;
+ int nid
, nid2
;
X509_ALGOR *alg;
EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
@@
-709,6
+709,12
@@
static int rsa_cms_verify(CMS_SignerInfo *si)
return 1;
if (nid == NID_rsassaPss)
return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+ /* Workaround for some implementation that use a signature OID */
+ if (OBJ_find_sigid_algs(nid, NULL, &nid2))
+ {
+ if (nid2 == NID_rsaEncryption)
+ return 1;
+ }
return 0;
}