From 9a1b46d5a593aff80c0a8a67669dff62c1053054 Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Mon, 25 Aug 2014 15:31:01 +0200
Subject: [PATCH] set the signature algorithm again in the cert
---
 tool/yubico-piv-tool.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index 7a50f48..bccd5dd 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -670,14 +670,6 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
 fprintf(stderr, "Failed setting certificate issuer.\n");
 goto selfsign_out;
 }
- memset(digest, 0, sizeof(digest));
- memcpy(digest, sha256oid, sizeof(sha256oid));
- /* XXX: this should probably use X509_digest() but that looks buggy */
- if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_CINF), EVP_sha256(), x509->cert_info,
- digest + sizeof(sha256oid), &digest_len)) {
- fprintf(stderr, "Failed doing digest of certificate.\n");
- goto selfsign_out;
- }
 switch(algorithm) {
 case YKPIV_ALGO_RSA1024:
 case YKPIV_ALGO_RSA2048:
@@ -694,6 +686,15 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
 fprintf(stderr, "Unsupported algorithm %x.\n", algorithm);
 goto selfsign_out;
 }
+ x509->cert_info->signature->algorithm = x509->sig_alg->algorithm;
+ memset(digest, 0, sizeof(digest));
+ memcpy(digest, sha256oid, sizeof(sha256oid));
+ /* XXX: this should probably use X509_digest() but that looks buggy */
+ if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_CINF), EVP_sha256(), x509->cert_info,
+ digest + sizeof(sha256oid), &digest_len)) {
+ fprintf(stderr, "Failed doing digest of certificate.\n");
+ goto selfsign_out;
+ }
 {
 unsigned char signature[1024];
 size_t sig_len = sizeof(signature);
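Review bot: The added assignment `x509->cert_info->signature->algorithm = x509->sig_alg->algorithm;` in the second hunk makes both AlgorithmIdentifier structures share one ASN1_OBJECT pointer and drops the previous object without freeing it. Whether that is harmless depends on how the switch above sets `sig_alg->algorithm`, which is only partly visible here; if that object is ever dynamically allocated, freeing the X509 would release it twice. Duplicating is safer: `ASN1_OBJECT_free(x509->cert_info->signature->algorithm);` followed by `x509->cert_info->signature->algorithm = OBJ_dup(x509->sig_alg->algorithm);`, with a NULL check that jumps to `selfsign_out`. Only the OID is copied, so if the switch also sets `sig_alg->parameter`, the signed tbsCertificate field would still differ from the outer signatureAlgorithm, which RFC 5280 requires to be identical and which strict verifiers may reject. selfsign_certificate starts and ends outside the hunk.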