From d5c442f78a58b0cbea3340fbd23cd1923803fa46 Mon Sep 17 00:00:00 2001
From: yacovm <yacovm@il.ibm.com>
Date: Tue, 30 Jun 2020 10:52:19 +0300
Subject: [PATCH] Only canonize ECDSA signatures in MSP:IsWellFormed

Currently, the MSP IsWellFormed function expects any signature to be
a valid ECDSA signature, however the certificate can be signed by
a non-ECDSA algorithm which will then yield a false negative.

This change set ensures the check only applies if the signature is ECDSA.

Change-Id: I0b14e3e9b87e860a3ca29cc233dc4810de1768ab
Signed-off-by: yacovm <yacovm@il.ibm.com>
---
 msp/mspimpl.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/msp/mspimpl.go b/msp/mspimpl.go
index 10d71f9d22a..840e58cbb3d 100644
--- a/msp/mspimpl.go
+++ b/msp/mspimpl.go
@@ -847,6 +847,10 @@ func (msp *bccspmsp) IsWellFormed(identity *m.SerializedIdentity) error {
 		return err
 	}
 
+	if !isECDSASignedCert(cert) {
+		return nil
+	}
+
 	return isIdentitySignedInCanonicalForm(cert.Signature, identity.Mspid, identity.IdBytes)
 
 }