diff options
author | nelsonb%netscape.com <devnull@localhost> | 2004-01-14 22:20:44 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2004-01-14 22:20:44 +0000 |
commit | 1f308d745f87b7f98f12fa6745633a6631534478 (patch) | |
tree | 5eb3f6b9a386fcac0cf9e2bf8c86b635ab1f11db | |
parent | c895ccc7a05550a33a0957e07f5cb8b5eeb71c7e (diff) | |
download | nss-hg-1f308d745f87b7f98f12fa6745633a6631534478.tar.gz |
Add 2 additional OIDs to the list of acceptable digestEncryptionAlgIDs,
per RFC 3370. r=thayes. Bug 230761.
-rw-r--r-- | security/nss/lib/smime/cmssiginfo.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/nss/lib/smime/cmssiginfo.c b/security/nss/lib/smime/cmssiginfo.c index bcd6839d7..027593181 100644 --- a/security/nss/lib/smime/cmssiginfo.c +++ b/security/nss/lib/smime/cmssiginfo.c @@ -344,6 +344,7 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert; NSSCMSVerificationStatus vs = NSSCMSVS_Unverified; PLArenaPool *poolp; + SECOidTag tag; if (signerinfo == NULL) return SECFailure; @@ -370,10 +371,13 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, * and we would Just Work. So this check should just be removed, * but not until the VFY code is better at setting errors. */ - switch (SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg))) { + tag = SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)); + switch (tag) { case SEC_OID_PKCS1_RSA_ENCRYPTION: case SEC_OID_ANSIX9_DSA_SIGNATURE: case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: /* ok */ break; case SEC_OID_UNKNOWN: |