authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-26 14:59:33 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-26 14:59:33 +0000
commit84ddcfc4681779a395ac4bf71190a00b89fad076 (patch)
tree6f20ebbfb152754ff51992bdcdb285d80212b91d /lib/x509/sign.c
parent95f9e0fd4a4acc9a7552e4efc0dc04627936305a (diff)
corrected signing and verifying with DSA keys.
Diffstat (limited to 'lib/x509/sign.c')
-rw-r--r--lib/x509/sign.c57
1 files changed, 10 insertions, 47 deletions
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 340a599174..b32c21569b 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -279,7 +279,6 @@ int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char* src_name,
{
int result;
gnutls_datum signature;
-const char* pk;
char name[128];
/* Step 1. Copy the issuer's name into the certificate.
@@ -296,39 +295,16 @@ char name[128];
/* Step 1.5. Write the signature stuff in the tbsCertificate.
*/
- /* write the RSA OID
- */
- pk = _gnutls_x509_sign2oid( issuer_key->pk_algorithm, GNUTLS_MAC_SHA);
- if (pk == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
_gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".signature.algorithm");
+ _gnutls_str_cat( name, sizeof(name), ".signature");
- result = asn1_write_value( src, name, pk, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
-#warning CHECKME
- /* disable parameters, which are not used in RSA.
- */
- _gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".signature.parameters");
-
- result = asn1_write_value( src, name, NULL, 0);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
+ result = _gnutls_x509_write_sig_params( src, name,
+ issuer_key->pk_algorithm, issuer_key->params, issuer_key->params_size);
+ if (result < 0) {
gnutls_assert();
- return _gnutls_asn2err(result);
+ return result;
}
-
/* Step 2. Sign the certificate.
*/
result = _gnutls_x509_sign_tbs( src, src_name, GNUTLS_MAC_SHA,
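Review bot: The digest is no longer visibly tied to the OID written in Step 1.5: `_gnutls_x509_write_sig_params` receives only `issuer_key->pk_algorithm` and the key parameters, while Step 2 still passes `GNUTLS_MAC_SHA` to `_gnutls_x509_sign_tbs`. The removed code handed the same `GNUTLS_MAC_SHA` to `_gnutls_x509_sign2oid`, so the pairing was explicit; the helper (not shown here) presumably chooses the hash itself. If either side changes later, the certificate would declare an algorithm different from the one actually used to sign it. A comment above the new call would pin the requirement: `/* the OID written here must name the GNUTLS_MAC_SHA digest used in Step 2 */`. The function body starts before and continues after this hunk.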
@@ -350,28 +326,15 @@ char name[128];
return _gnutls_asn2err(result);
}
- /* Step 2. Move up and write the AlgorithmIdentifier, which is also
+ /* Step 3. Move up and write the AlgorithmIdentifier, which is also
* the same.
*/
- /* write the RSA or DSA OID
- */
- result = asn1_write_value( src, "signatureAlgorithm.algorithm", pk, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
-#warning CHECKME
- /* disable parameters, which are not used in RSA.
- */
- result = asn1_write_value( src, "signatureAlgorithm.parameters", NULL, 0);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
+ result = _gnutls_x509_write_sig_params( src, "signatureAlgorithm",
+ issuer_key->pk_algorithm, issuer_key->params, issuer_key->params_size);
+ if (result < 0) {
gnutls_assert();
- return _gnutls_asn2err(result);
+ return result;
}
return 0;
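Review bot: The Step 3 comment says only that the AlgorithmIdentifier "is also the same", without naming what it must match or why. The call repeats the Step 1.5 arguments verbatim, and X.509 requires the outer `signatureAlgorithm` to carry the same algorithm identifier as the `signature` field inside the signed part, so the two calls must never drift apart. I would reword the comment to `/* Step 3. Write the outer signatureAlgorithm; it must be identical to the signature field written in Step 1.5. */`. It is also worth noting there that a failure at this point returns with `src` already holding the signature value from Step 2, so callers should presumably discard the structure on error. The function starts outside this hunk.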