From f5880f733dae6fbca929002abbce77c9c77dbf6a Mon Sep 17 00:00:00 2001
From: Wyllys Ingersoll <wyllys.ingersoll@sun.com>
Date: Mon, 21 Jun 2010 08:34:53 -0700
Subject: 6961704 KMF generates certificates with bad signatures

---
 usr/src/lib/libkmf/libkmf/common/certop.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'usr/src')

diff --git a/usr/src/lib/libkmf/libkmf/common/certop.c b/usr/src/lib/libkmf/libkmf/common/certop.c
index a866deb5d5..a111690158 100644
--- a/usr/src/lib/libkmf/libkmf/common/certop.c
+++ b/usr/src/lib/libkmf/libkmf/common/certop.c
@@ -3033,6 +3033,18 @@ sign_cert(KMF_HANDLE_T handle,
 		    signature_oid);
 		if (ret)
 			goto cleanup;
+
+		/* Free the previous "data to be signed" block */
+		kmf_free_data(&data_to_sign);
+
+		/*
+		 * We changed the cert (updated the signature OID), so we
+		 * need to re-encode it so the correct data gets signed.
+		 */
+		ret = DerEncodeTbsCertificate(&subj_cert->certificate,
+		    &data_to_sign);
+		if (ret != KMF_OK)
+			goto cleanup;
 	}
 	kmf_set_attr_at_index(attrlist, i, KMF_KEYSTORE_TYPE_ATTR,
 	    &Signkey->kstype, sizeof (KMF_KEYSTORE_TYPE));
@@ -3088,7 +3100,11 @@ sign_cert(KMF_HANDLE_T handle,
 
 		subj_cert->signature.encrypted = signature;
 	} else {
-		subj_cert->signature.encrypted = signed_data;
+		ret = copy_data(&subj_cert->signature.encrypted, &signed_data);
+		kmf_free_data(&signed_data);
+
+		if (ret != KMF_OK)
+			goto cleanup;
 	}
 
 	/* Now, re-encode the cert with the new signature */
-- 
cgit v1.2.3