make sure to return RSA keys with ASN1_NULL as parameter
@@ -661,6 +661,10 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
|
||||
size_t oid_len;
|
||||
const unsigned char *oid;
|
||||
int nid;
|
||||
ASN1_TYPE null_parameter;
|
||||
|
||||
null_parameter.type = V_ASN1_NULL;
|
||||
null_parameter.value.ptr = NULL;
|
||||
|
||||
sscanf(slot, "%2x", &key);
|
||||
|
||||
@@ -735,6 +739,8 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
|
||||
if(YKPIV_IS_RSA(algorithm)) {
|
||||
signinput = digest;
|
||||
len = oid_len + digest_len;
|
||||
/* if it's RSA the parameter must be NULL, if ec non-present */
|
||||
req->sig_alg->parameter = &null_parameter;
|
||||
} else {
|
||||
signinput = digest + oid_len;
|
||||
len = digest_len;
|
||||
@@ -771,6 +777,9 @@ request_out:
|
||||
EVP_PKEY_free(public_key);
|
||||
}
|
||||
if(req) {
|
||||
if(req->sig_alg->parameter) {
|
||||
req->sig_alg->parameter = NULL;
|
||||
}
|
||||
X509_REQ_free(req);
|
||||
}
|
||||
if(name) {
|
||||
@@ -801,6 +810,10 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
||||
unsigned int md_len;
|
||||
ASN1_INTEGER *sno = ASN1_INTEGER_new();
|
||||
BIGNUM *ser = NULL;
|
||||
ASN1_TYPE null_parameter;
|
||||
|
||||
null_parameter.type = V_ASN1_NULL;
|
||||
null_parameter.value.ptr = NULL;
|
||||
|
||||
sscanf(slot, "%2x", &key);
|
||||
|
||||
@@ -898,6 +911,9 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
||||
if(YKPIV_IS_RSA(algorithm)) {
|
||||
signinput = digest;
|
||||
len = oid_len + md_len;
|
||||
/* for RSA parameter must be NULL, for ec non-present */
|
||||
x509->sig_alg->parameter = &null_parameter;
|
||||
x509->cert_info->signature->parameter = &null_parameter;
|
||||
} else {
|
||||
signinput = digest + oid_len;
|
||||
len = md_len;
|
||||
@@ -941,6 +957,10 @@ selfsign_out:
|
||||
fclose(output_file);
|
||||
}
|
||||
if(x509) {
|
||||
if(x509->sig_alg->parameter) {
|
||||
x509->sig_alg->parameter = NULL;
|
||||
x509->cert_info->signature->parameter = NULL;
|
||||
}
|
||||
X509_free(x509);
|
||||
}
|
||||
if(public_key) {
|
||||
|
||||
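Review bot: In both RSA branches (`req->sig_alg->parameter = &null_parameter;` in request_certificate and the two `x509->...->parameter = &null_parameter;` assignments in selfsign_certificate) a structure that OpenSSL owns and later frees is pointed at a stack `ASN1_TYPE`, so memory safety rests entirely on the reset to NULL under `request_out:` / `selfsign_out:` running before `X509_REQ_free` / `X509_free`. Any later path that frees the object without passing through that reset would hand a stack address to the ASN.1 free routines, and the reset as written also discards, without freeing, any parameter that is non-NULL on the EC path. A heap-owned parameter removes the cleanup special case: `ASN1_TYPE *p = ASN1_TYPE_new();` then `if(p) { ASN1_TYPE_set(p, V_ASN1_NULL, NULL); req->sig_alg->parameter = p; }`, with a separate allocation for `cert_info->signature` in the self-sign case so the two fields are not freed twice. Both function bodies start and end outside the visible hunks, so whether every exit reaches the labels cannot be confirmed from here.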