tolerate broken CMS/PKCS7 implementations using signature OID instead of digest

[openssl.git] / crypto / cms / cms_lib.c

diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 6c0d5c097cc213fd35cb978fb17926f17003d2ba..b62d1bfac02b750f59021e74de3d5c2fa81ad772 100644 (file)
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -406,11 +406,12 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                        return 0;
                        }
                BIO_get_md_ctx(chain, &mtmp);
-               if (EVP_MD_CTX_type(mtmp) == nid)
-                       {
-                       EVP_MD_CTX_copy_ex(mctx, mtmp);
-                       return 1;
-                       }
+               if (EVP_MD_CTX_type(mtmp) == nid
+               /* Workaround for broken implementations that use signature
+                * algorithm  OID instead of digest.
+                */
+                       || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
+                       return EVP_MD_CTX_copy_ex(mctx, mtmp);
                chain = BIO_next(chain);
                }
        }