Only canonize ECDSA signatures in MSP:IsWellFormed (#1495)

Currently, the MSP IsWellFormed function expects any signature to be a valid ECDSA signature, however the certificate can be signed by a non-ECDSA algorithm which will then yield a false negative. This change set ensures the check only applies if the signature is ECDSA. Change-Id: I0b14e3e9b87e860a3ca29cc233dc4810de1768ab Signed-off-by: yacovm <[email protected]>
hyperledger · Jun 30, 2020 · 34294ad · 34294ad
1 parent c2ea18f
commit 34294ad
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/msp/mspimpl.go b/msp/mspimpl.go
@@ -825,6 +825,10 @@ func (msp *bccspmsp) IsWellFormed(identity *m.SerializedIdentity) error {
 		return err
 	}
 
+	if !isECDSASignedCert(cert) {
+		return nil
+	}
+
 	return isIdentitySignedInCanonicalForm(cert.Signature, identity.Mspid, identity.IdBytes)
 
 }