mark all bits of the signature as used

the first byte of a bit string marks how many bits should be
subtracted, make sure this doesn't get set.
This commit is contained in:
Klas Lindfors
2015-01-14 12:52:10 +01:00
parent f86ded25bf
commit f69a4ff8f6
+6
View File
@@ -690,6 +690,8 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
goto request_out;
}
M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
/* mark that all bits should be used. */
req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
}
if(key_format == key_format_arg_PEM) {
@@ -889,6 +891,10 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
goto selfsign_out;
}
M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
/* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
* should be subtracted from the bit string, thus making sure that the
* certificate can be validated. */
x509->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
}
if(key_format == key_format_arg_PEM) {