1 files changed, 11 insertions, 5 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index 6eda698c94..c3501c27bc 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_lib.c,v 1.26 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: pk7_lib.c,v 1.27 2023/11/09 19:00:53 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -370,6 +370,7 @@ int
 PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
    const EVP_MD *dgst)
 {
+        int nid;
        int ret;
        /* We now need to add another PKCS7_SIGNER_INFO entry */
@@ -390,10 +391,15 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
        p7i->pkey = pkey;
-        /* Set the algorithms */
+        /*
+         * Do not use X509_ALGOR_set_evp_md() to match historical behavior.
-        X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
+         * A mistranslation of the ASN.1 from 1988 to 1997 syntax lost the
-            V_ASN1_NULL, NULL);
+         * OPTIONAL field, cf. the NOTE above RFC 5254, 2.1.
+         * Using X509_ALGOR_set_evp_md() would change encoding of the SHAs.
+         */
+        nid = EVP_MD_type(dgst);
+        if (!X509_ALGOR_set0_by_nid(p7i->digest_alg, nid, V_ASN1_NULL, NULL))
+                return 0;
        if (pkey->ameth && pkey->ameth->pkey_ctrl) {
                ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,

diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index 6eda698c94..c3501c27bc 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pk7_lib.c,v 1.26 2023/02/16 08:38:17 tb Exp $ */	1	/* $OpenBSD: pk7_lib.c,v 1.27 2023/11/09 19:00:53 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -370,6 +370,7 @@ int
370	PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO p7i, X509 x509, EVP_PKEY *pkey,	370	PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO p7i, X509 x509, EVP_PKEY *pkey,
371	const EVP_MD *dgst)	371	const EVP_MD *dgst)
372	{	372	{
		373	int nid;
373	int ret;	374	int ret;
374		375
375	/* We now need to add another PKCS7_SIGNER_INFO entry */	376	/* We now need to add another PKCS7_SIGNER_INFO entry */
@@ -390,10 +391,15 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO p7i, X509 x509, EVP_PKEY *pkey,
390	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);	391	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
391	p7i->pkey = pkey;	392	p7i->pkey = pkey;
392		393
393	/* Set the algorithms */	394	/*
394		395	* Do not use X509_ALGOR_set_evp_md() to match historical behavior.
395	X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),	396	* A mistranslation of the ASN.1 from 1988 to 1997 syntax lost the
396	V_ASN1_NULL, NULL);	397	* OPTIONAL field, cf. the NOTE above RFC 5254, 2.1.
		398	* Using X509_ALGOR_set_evp_md() would change encoding of the SHAs.
		399	*/
		400	nid = EVP_MD_type(dgst);
		401	if (!X509_ALGOR_set0_by_nid(p7i->digest_alg, nid, V_ASN1_NULL, NULL))
		402	return 0;
397		403
398	if (pkey->ameth && pkey->ameth->pkey_ctrl) {	404	if (pkey->ameth && pkey->ameth->pkey_ctrl) {
399	ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,	405	ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,