set the signature algorithm again in the cert

Klas Lindfors
2014-08-25 15:31:01 +02:00
parent 6192010da6
commit 9a1b46d5a5
+9 -8
@@ -670,14 +670,6 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
fprintf(stderr, "Failed setting certificate issuer.\n");
goto selfsign_out;
}
memset(digest, 0, sizeof(digest));
memcpy(digest, sha256oid, sizeof(sha256oid));
/* XXX: this should probably use X509_digest() but that looks buggy */
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_CINF), EVP_sha256(), x509->cert_info,
digest + sizeof(sha256oid), &digest_len)) {
fprintf(stderr, "Failed doing digest of certificate.\n");
goto selfsign_out;
}
switch(algorithm) {
case YKPIV_ALGO_RSA1024:
case YKPIV_ALGO_RSA2048:
@@ -694,6 +686,15 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
fprintf(stderr, "Unsupported algorithm %x.\n", algorithm);
goto selfsign_out;
}
x509->cert_info->signature->algorithm = x509->sig_alg->algorithm;
memset(digest, 0, sizeof(digest));
memcpy(digest, sha256oid, sizeof(sha256oid));
/* XXX: this should probably use X509_digest() but that looks buggy */
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_CINF), EVP_sha256(), x509->cert_info,
digest + sizeof(sha256oid), &digest_len)) {
fprintf(stderr, "Failed doing digest of certificate.\n");
goto selfsign_out;
}
{
unsigned char signature[1024];
size_t sig_len = sizeof(signature);
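Review bot: The new assignment `x509->cert_info->signature->algorithm = x509->sig_alg->algorithm;` copies only the OID pointer, so the inner tbsCertificate `signature` and the outer `sig_alg` now share one ASN1_OBJECT, and the `parameter` field of the inner AlgorithmIdentifier is not synchronised. RFC 5280 requires the two AlgorithmIdentifiers to be identical, and strict validators reject a certificate where they differ. The previous inner object is also overwritten without being freed. The switch that fills `sig_alg` is outside this hunk, so whether that object is a static table entry cannot be confirmed from here; if it is not, the shared pointer would be released twice when the certificate is freed. Consider giving the inner field its own copy and matching parameters, e.g. `X509_ALGOR_set0(x509->cert_info->signature, OBJ_dup(x509->sig_alg->algorithm), V_ASN1_NULL, NULL);` for the RSA cases (checking the `OBJ_dup` result). Also add a comment such as `/* must be set before hashing: cert_info's encoding includes this field */` so the digest is not moved back above it. `selfsign_certificate` continues past the end of the hunk.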