make sure to return RSA keys with ASN1_NULL as parameter

Klas Lindfors
2016-08-17 10:32:04 +02:00
parent f2069418d2
commit 621bad8acd
+20
@@ -661,6 +661,10 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
size_t oid_len; size_t oid_len;
const unsigned char *oid; const unsigned char *oid;
int nid; int nid;
ASN1_TYPE null_parameter;
null_parameter.type = V_ASN1_NULL;
null_parameter.value.ptr = NULL;
sscanf(slot, "%2x", &key); sscanf(slot, "%2x", &key);
@@ -735,6 +739,8 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
if(YKPIV_IS_RSA(algorithm)) { if(YKPIV_IS_RSA(algorithm)) {
signinput = digest; signinput = digest;
len = oid_len + digest_len; len = oid_len + digest_len;
/* if it's RSA the parameter must be NULL, if ec non-present */
req->sig_alg->parameter = &null_parameter;
} else { } else {
signinput = digest + oid_len; signinput = digest + oid_len;
len = digest_len; len = digest_len;
@@ -771,6 +777,9 @@ request_out:
EVP_PKEY_free(public_key); EVP_PKEY_free(public_key);
} }
if(req) { if(req) {
if(req->sig_alg->parameter) {
req->sig_alg->parameter = NULL;
}
X509_REQ_free(req); X509_REQ_free(req);
} }
if(name) { if(name) {
@@ -801,6 +810,10 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
unsigned int md_len; unsigned int md_len;
ASN1_INTEGER *sno = ASN1_INTEGER_new(); ASN1_INTEGER *sno = ASN1_INTEGER_new();
BIGNUM *ser = NULL; BIGNUM *ser = NULL;
ASN1_TYPE null_parameter;
null_parameter.type = V_ASN1_NULL;
null_parameter.value.ptr = NULL;
sscanf(slot, "%2x", &key); sscanf(slot, "%2x", &key);
@@ -898,6 +911,9 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
if(YKPIV_IS_RSA(algorithm)) { if(YKPIV_IS_RSA(algorithm)) {
signinput = digest; signinput = digest;
len = oid_len + md_len; len = oid_len + md_len;
/* for RSA parameter must be NULL, for ec non-present */
x509->sig_alg->parameter = &null_parameter;
x509->cert_info->signature->parameter = &null_parameter;
} else { } else {
signinput = digest + oid_len; signinput = digest + oid_len;
len = md_len; len = md_len;
@@ -941,6 +957,10 @@ selfsign_out:
fclose(output_file); fclose(output_file);
} }
if(x509) { if(x509) {
if(x509->sig_alg->parameter) {
x509->sig_alg->parameter = NULL;
x509->cert_info->signature->parameter = NULL;
}
X509_free(x509); X509_free(x509);
} }
if(public_key) { if(public_key) {
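Review bot: Storing the address of the stack variable `null_parameter` in `req->sig_alg->parameter` (and in `x509->sig_alg->parameter` and `x509->cert_info->signature->parameter` in selfsign_certificate) means `X509_REQ_free`/`X509_free` would be handed a non-heap pointer unless the reset under `request_out:`/`selfsign_out:` runs first on every exit path. That reset also sets any non-NULL parameter to NULL without freeing it, so a parameter allocated elsewhere would leak; whether that can happen is not visible in these hunks. Giving the structure an owned value removes both concerns: `req->sig_alg->parameter = ASN1_TYPE_new();` followed by `ASN1_TYPE_set(req->sig_alg->parameter, V_ASN1_NULL, NULL);`, with the allocation checked and a separate allocation for each of the two x509 fields, after which the cleanup blocks can be dropped. Both function bodies start and end outside the hunks shown, so the exit paths could not be checked here.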