From: Richard Levitte Date: Sun, 31 Jan 2021 22:15:08 +0000 (+0100) Subject: PROV: Fix encoding of MDWithRSAEncryption signature AlgorithmID X-Git-Tag: openssl-3.0.0-alpha12~108 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2bb05a9668323ac2719f84cf8e9ccffc2bc99916;p=thirdparty%2Fopenssl.git PROV: Fix encoding of MDWithRSAEncryption signature AlgorithmID All {MD}WithRSAEncryption signature AlgorithmID have the parameters being NULL, according to PKCS#1. We didn't. Now corrected. This bug was the topic of this thread on openssl-users@openssl.org: https://mta.openssl.org/pipermail/openssl-users/2021-January/013416.html Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14030) --- diff --git a/providers/common/der/der_rsa_sig.c b/providers/common/der/der_rsa_sig.c index 94ed60b69ff..7fb69f87b09 100644 --- a/providers/common/der/der_rsa_sig.c +++ b/providers/common/der/der_rsa_sig.c @@ -58,7 +58,9 @@ int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, } return ossl_DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ + /* PARAMETERS, always NULL according to current standards */ + && ossl_DER_w_null(pkt, -1) + /* OID */ && ossl_DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) && ossl_DER_w_end_sequence(pkt, tag); }
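Review bot: In the return chain of ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(), the new ossl_DER_w_null(pkt, -1) call comes before ossl_DER_w_precompiled(...), so the code reads as parameters first and OID second, the reverse of the AlgorithmIdentifier field order (algorithm, then parameters). If the DER writer builds the sequence back to front, say so in the "PARAMETERS" comment, so the order is not "corrected" by a later edit. The visible diff touches only providers/common/der/der_rsa_sig.c and adds no test. Since the commit message says the missing NULL was found through a report on openssl-users, a regression test would be worth adding: encode the AlgorithmIdentifier for each supported digest and check that the parameters field is an explicit DER NULL (05 00) following the OID.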