authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-12-16 14:02:56 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2015-12-16 14:03:57 +0100
commit6cc022a099f3d13a8da59850a553a050703a01e7 (patch)
tree020574b3fe15ad46b9fbeee42ea6c05e40042f3f /lib
parent0dd5c078ad6db71f60a107dc0cdf78637baeafe1 (diff)
downloadgnutls-6cc022a099f3d13a8da59850a553a050703a01e7.tar.gz
pkcs7: use the PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7 structures
That is because there are implementations which cannot cope with the normal RSA signature OIDs. Relates #59
Diffstat (limited to 'lib')
-rw-r--r--lib/x509/crq.c2
-rw-r--r--lib/x509/mpi.c10
-rw-r--r--lib/x509/pkcs7.c7
-rw-r--r--lib/x509/sign.c4
-rw-r--r--lib/x509/x509_int.h2
5 files changed, 18 insertions, 7 deletions
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 77eff5b848..5004f0f600 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -2574,7 +2574,7 @@ gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
result =
_gnutls_x509_write_sig_params(crq->crq, "signatureAlgorithm",
gnutls_privkey_get_pk_algorithm
- (key, NULL), dig);
+ (key, NULL), dig, 0);
if (result < 0) {
gnutls_assert();
return result;
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 49059d2867..559e0284c5 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -172,11 +172,14 @@ _gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert,
/*
* This function writes and encodes the parameters for DSS or RSA keys.
* This is the "signatureAlgorithm" fields.
+ *
+ * If @legacy is non-zero then the legacy value for PKCS#7 signatures
+ * will be written for RSA signatures.
*/
int
_gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
gnutls_pk_algorithm_t pk_algorithm,
- gnutls_digest_algorithm_t dig)
+ gnutls_digest_algorithm_t dig, unsigned legacy)
{
int result;
char name[128];
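Review bot: The new `unsigned legacy` parameter is a bare on/off value that every caller now passes as an unlabelled `0` or `1` (the call sites in crq.c, sign.c and pkcs7.c), which is easy to flip by accident in code that decides which signature algorithm identifier gets encoded. A named constant or a flags argument would keep those call sites self-describing. The doc comment should also say that when `legacy` is set for RSA the `dig` argument no longer influences the OID written, for example `* In that case @dig is not encoded in the algorithm identifier.` The prototype in x509_int.h names `legacy` but leaves the digest parameter unnamed; naming both would be consistent. The function body continues outside this hunk.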
@@ -185,7 +188,10 @@ _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
_gnutls_str_cpy(name, sizeof(name), dst_name);
_gnutls_str_cat(name, sizeof(name), ".algorithm");
- oid = gnutls_sign_get_oid(gnutls_pk_to_sign(pk_algorithm, dig));
+ if (legacy && pk_algorithm == GNUTLS_PK_RSA)
+ oid = PK_PKIX1_RSA_OID;
+ else
+ oid = gnutls_sign_get_oid(gnutls_pk_to_sign(pk_algorithm, dig));
if (oid == NULL) {
gnutls_assert();
_gnutls_debug_log
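Review bot: In the `legacy && pk_algorithm == GNUTLS_PK_RSA` branch `dig` is never examined, so a digest with no matching RSA signature algorithm, which previously ended in the `oid == NULL` error path, now yields a successfully written algorithm identifier. Whether callers validate the digest before reaching this point is not visible here. If the earlier rejection is meant to stay, keep the lookup and override only its result: `oid = gnutls_sign_get_oid(gnutls_pk_to_sign(pk_algorithm, dig));` followed by `if (oid != NULL && legacy && pk_algorithm == GNUTLS_PK_RSA) oid = PK_PKIX1_RSA_OID;`. The function starts before and continues after this hunk.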
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index ad527deb7b..b09e7c8a42 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -2051,7 +2051,12 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
/* write the signature algorithm */
pk = gnutls_x509_crt_get_pk_algorithm(signer, NULL);
- ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig);
+ /* RFC5652 is silent on what the values would be and initially I assumed that
+ * typical signature algorithms should be set. However RFC2315 (PKCS#7) mentions
+ * that a generic RSA OID should be used. We switch to this "unexpected" value
+ * because some implementations cannot cope with the "expected" signature values.
+ */
+ ret = _gnutls_x509_write_sig_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", pk, dig, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
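Review bot: With the generic RSA OID the signerInfo's signatureAlgorithm no longer names the hash, so a verifier has to take it from the separate digestAlgorithm field. The diff shown is limited to lib/ and does not touch the parsing or verification side of pkcs7.c. It is worth confirming that verification in this library accepts `PK_PKIX1_RSA_OID` in that position and pairs it only with the digest declared in the same signerInfo, and adding a sign-then-verify test for an RSA signer. The switch is also unconditional, so callers that relied on the previous OIDs have no way to request them. gnutls_pkcs7_sign starts before and continues after this hunk.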
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 9ed7fd94a9..320f42b8b7 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -119,7 +119,7 @@ _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
result = _gnutls_x509_write_sig_params(src, name,
gnutls_privkey_get_pk_algorithm
- (issuer_key, NULL), dig);
+ (issuer_key, NULL), dig, 0);
if (result < 0) {
gnutls_assert();
return result;
@@ -162,7 +162,7 @@ _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
result = _gnutls_x509_write_sig_params(src, "signatureAlgorithm",
gnutls_privkey_get_pk_algorithm
- (issuer_key, NULL), dig);
+ (issuer_key, NULL), dig, 0);
if (result < 0) {
gnutls_assert();
return result;
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 9d359d6373..9d666ee55d 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -325,7 +325,7 @@ int _gnutls_x509_write_uint32(ASN1_TYPE node, const char *value,
int _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
gnutls_pk_algorithm_t pk_algorithm,
- gnutls_digest_algorithm_t);
+ gnutls_digest_algorithm_t, unsigned legacy);
/* pkcs12.h */
#include <gnutls/pkcs12.h>