From 4a9d335bb442a59ecd87c09812a8f6cc88065ff7 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 2 Feb 2010 14:19:54 +0000
Subject: [PATCH] tolerate broken CMS/PKCS7 implementations using signature OID
 instead of digest

---
 crypto/cms/cms_lib.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 8e6c1d29a5..cc00526d3e 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -415,7 +415,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
 			return 0;
 			}
 		BIO_get_md_ctx(chain, &mtmp);
-		if (EVP_MD_CTX_type(mtmp) == nid)
+		if (EVP_MD_CTX_type(mtmp) == nid
+		/* Workaround for broken implementations that use signature
+		 * algorithm  OID instead of digest.
+		 */
+			|| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
 			{
 			EVP_MD_CTX_copy_ex(mctx, mtmp);
 			return 1;