From f69a4ff8f6c7d74536a4962354d331f2c6c832e8 Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Wed, 14 Jan 2015 12:52:10 +0100
Subject: [PATCH] mark all bits of the signature as used
the first byte of a bit string marks how many bits should be subtracted, make sure this doesn't get set.
---
 tool/yubico-piv-tool.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index cbffa86..dedafe5 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -690,6 +690,8 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
 goto request_out;
 }
 M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
+ /* mark that all bits should be used. */
+ req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
 }
 if(key_format == key_format_arg_PEM) {
@@ -889,6 +891,10 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
 goto selfsign_out;
 }
 M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
+ /* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
+ * should be subtracted from the bit string, thus making sure that the
+ * certificate can be validated. */
+ x509->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
 }
 if(key_format == key_format_arg_PEM) {
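Review bot: Both added assignments, `req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;` in request_certificate and the matching `x509->signature->flags` line in selfsign_certificate, overwrite the whole flags word instead of touching only the unused-bits fields, so any other ASN1_STRING flag already on the signature would be dropped silently. Whether another flag is set at that point is not visible in these hunks, but the clear-then-set form states the intent and is safe either way: `req->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);` followed by `req->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;`, and the same pair for `x509->signature`. The comment in the first hunk should carry the reason the second one gives, for example `/* without this flag the encoder trims trailing zero bits, so a signature ending in zero bits fails to verify */`. Both function bodies start and end outside the hunks, so the handling of the `M_ASN1_BIT_STRING_set` result just above each assignment cannot be judged from here.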