authorSimon Josefsson <simon@josefsson.org>2007-04-18 11:59:26 +0000
committerSimon Josefsson <simon@josefsson.org>2007-04-18 11:59:26 +0000
commit6bcea395eca2bb33cf4b9bd6cf216d39efc95ce8 (patch)
tree5f30d704f55da88136adb8c015538895aac5ab6a
parent3b6f07265886c54bdce2a5b9146a2b24de99c66d (diff)
downloadgnutls-6bcea395eca2bb33cf4b9bd6cf216d39efc95ce8.tar.gz
Write NULL in parameters for RSA signing, backported from the 1.7.x branch.
-rw-r--r--NEWS8
-rw-r--r--lib/x509/sign.c10
2 files changed, 16 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 0ffe3d4ac4..8ae3e29d29 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,14 @@ See the end for copying conditions.
* Version 1.6.2 (unreleased)
+** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields.
+Before, we remove the parameters field, which resulted in a slightly
+different DER encoding which in turn caused signature verification
+failures of GnuTLS-generated RSA certificates in some other
+implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs
+you read, this may or may not be correct, but our new behaviour appear
+to be consistent with other widely used implementations.
+
** Regenerate the PKIX ASN.1 syntax tree.
For some reason, after changing the ASN.1 type of ldap-UID in the last
release, the generated C file built from the ASN.1 schema was not
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 714781966d..c1c230f7ff 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation
*
* Author: Nikos Mavroyanopoulos
*
@@ -79,7 +79,13 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash,
return _gnutls_asn2err (result);
}
- result = asn1_write_value (dinfo, "digestAlgorithm.parameters", NULL, 0);
+ /* Write an ASN.1 NULL in the parameters field. This matches RFC
+ 3279 and RFC 4055, although is arguable incorrect from a historic
+ perspective (see those documents for more information).
+ Regardless of what is correct, this appears to be what most
+ implementations do. */
+ result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
+ "\x05\x00", 2);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
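Review bot: The DER NULL is written as a bare literal with a separately hard-coded length in the new `asn1_write_value (dinfo, "digestAlgorithm.parameters", "\x05\x00", 2)` call, so the bytes and the `2` can drift apart and any other code that builds or checks an AlgorithmIdentifier has to repeat them; a named pair such as `#define ASN1_NULL "\x05\x00"` / `#define ASN1_NULL_SIZE 2` would keep them together. Because this changes the DigestInfo that is signed, the matching verification path (not visible in this hunk) should be checked to accept both an absent and a NULL parameters field, so signatures produced before this change still verify, while rejecting any other parameters content. A regression test that signs a certificate and compares the encoded DigestInfo against a known-good vector would pin the encoding. The new comment reads `although is arguable incorrect`; `although it is arguably incorrect` is presumably what was meant. encode_ber_digest_info starts and ends outside the hunk.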