From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 2 Feb 2010 14:30:39 +0000 (+0000)
Subject: tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
X-Git-Tag: OpenSSL-fips-2_0-rc1~1286
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2712a2f6256a69e914b174e1915b029b1f4b9554;p=openssl

tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
---

diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 714b1d9b1c..b62d1bfac0 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -406,7 +406,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
 			return 0;
 			}
 		BIO_get_md_ctx(chain, &mtmp);
-		if (EVP_MD_CTX_type(mtmp) == nid)
+		if (EVP_MD_CTX_type(mtmp) == nid
+		/* Workaround for broken implementations that use signature
+		 * algorithm  OID instead of digest.
+		 */
+			|| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
 			return EVP_MD_CTX_copy_ex(mctx, mtmp);
 		chain = BIO_next(chain);
 		}