From: Tom Yu <tlyu@mit.edu>
Date: Tue, 4 Oct 2016 22:14:51 +0000 (-0400)
Subject: Set alg param correctly for PKCS1
X-Git-Tag: krb5-1.14.5-final~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a644a1f0ea587d8af25ab72966d24e9ddd55ce05;p=thirdparty%2Fkrb5.git

Set alg param correctly for PKCS1

When using a smart card and constructing a DigestInfo to pass to the
CKM_RSA_PKCS mechanism, make sure to set the AlgorithmIdentifier
parameters correctly.  This is typically an ASN.1 NULL value.

Reported to Ubuntu in Launchpad #1629370.

(cherry picked from commit fded9063c23daa3dbd9ffaf32f8145844293f472)

ticket: 8506
version_fixed: 1.14.5
---

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index d5e27698ec..10e412fd80 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1239,8 +1239,7 @@ cms_signeddata_create(krb5_context context,
             alg = X509_ALGOR_new();
             if (alg == NULL)
                 goto cleanup2;
-            alg->algorithm = OBJ_nid2obj(NID_sha1);
-            alg->parameter = NULL;
+            X509_ALGOR_set0(alg, OBJ_nid2obj(NID_sha1), V_ASN1_NULL, NULL);
             alg_len = i2d_X509_ALGOR(alg, NULL);
             alg_buf = malloc(alg_len);
             if (alg_buf == NULL)