set the signature algorithm again in the cert
@@ -670,14 +670,6 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
|||||||
fprintf(stderr, "Failed setting certificate issuer.\n");
|
fprintf(stderr, "Failed setting certificate issuer.\n");
|
||||||
goto selfsign_out;
|
goto selfsign_out;
|
||||||
}
|
}
|
||||||
memset(digest, 0, sizeof(digest));
|
|
||||||
memcpy(digest, sha256oid, sizeof(sha256oid));
|
|
||||||
/* XXX: this should probably use X509_digest() but that looks buggy */
|
|
||||||
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_CINF), EVP_sha256(), x509->cert_info,
|
|
||||||
digest + sizeof(sha256oid), &digest_len)) {
|
|
||||||
fprintf(stderr, "Failed doing digest of certificate.\n");
|
|
||||||
goto selfsign_out;
|
|
||||||
}
|
|
||||||
switch(algorithm) {
|
switch(algorithm) {
|
||||||
case YKPIV_ALGO_RSA1024:
|
case YKPIV_ALGO_RSA1024:
|
||||||
case YKPIV_ALGO_RSA2048:
|
case YKPIV_ALGO_RSA2048:
|
||||||
@@ -694,6 +686,15 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
|||||||
fprintf(stderr, "Unsupported algorithm %x.\n", algorithm);
|
fprintf(stderr, "Unsupported algorithm %x.\n", algorithm);
|
||||||
goto selfsign_out;
|
goto selfsign_out;
|
||||||
}
|
}
|
||||||
|
x509->cert_info->signature->algorithm = x509->sig_alg->algorithm;
|
||||||
|
memset(digest, 0, sizeof(digest));
|
||||||
|
memcpy(digest, sha256oid, sizeof(sha256oid));
|
||||||
|
/* XXX: this should probably use X509_digest() but that looks buggy */
|
||||||
|
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_CINF), EVP_sha256(), x509->cert_info,
|
||||||
|
digest + sizeof(sha256oid), &digest_len)) {
|
||||||
|
fprintf(stderr, "Failed doing digest of certificate.\n");
|
||||||
|
goto selfsign_out;
|
||||||
|
}
|
||||||
{
|
{
|
||||||
unsigned char signature[1024];
|
unsigned char signature[1024];
|
||||||
size_t sig_len = sizeof(signature);
|
size_t sig_len = sizeof(signature);
|
||||||
|
|||||||
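Review bot: The added line `x509->cert_info->signature->algorithm = x509->sig_alg->algorithm;` copies only the OID pointer, so the inner and outer AlgorithmIdentifier agree on the algorithm but not necessarily on `parameter`, and both structures now share one ASN1_OBJECT. RFC 5280 requires tbsCertificate.signature to be identical to the outer signatureAlgorithm, and verifiers that compare the two (recent OpenSSL releases do this in X509_verify via X509_ALGOR_cmp) reject a certificate where they differ. The switch that fills `sig_alg` lies outside this hunk, so whether it sets a parameter there should be confirmed. Filling both fields the same way in that switch would keep them in step, e.g. `X509_ALGOR_set0(x509->cert_info->signature, OBJ_nid2obj(nid), ptype, NULL);` next to the matching call for `x509->sig_alg`, where `nid` and `ptype` are placeholders for the per-algorithm values. Since the moved digest is only correct when taken after this assignment, a comment above it such as `/* inner signature field must be final before hashing cert_info: this hash is what the key signs */` would guard against a later reorder.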