From a93b07021fd60e645210c37e96d0c62483fd43d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 6 Jun 2007 20:50:55 +0000
Subject: [PATCH] (hx509_cms_create_signed_1): Use hx509_peer_info to select the signature algorithm too.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20937 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cms.c | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)
diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index 96dee7177..6d8319fb9 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -946,7 +946,7 @@ hx509_cms_create_signed_1(hx509_context context,
 AlgorithmIdentifier digest;
 hx509_name name;
 SignerInfo *signer_info;
- heim_octet_string buf, content, sigdata;
+ heim_octet_string buf, content, sigdata = { 0, NULL };
 SignedData sd;
 int ret;
 size_t size;
@@ -1050,10 +1050,8 @@ hx509_cms_create_signed_1(hx509_context context,
 &content, NULL, &sig);
- if (ret) {
- hx509_clear_error_string(context);
+ if (ret)
 goto out;
- }
 ASN1_MALLOC_ENCODE(MessageDigest, buf.data,
@@ -1120,17 +1118,24 @@ hx509_cms_create_signed_1(hx509_context context,
 }
- ret = _hx509_create_signature(context,
- _hx509_cert_private_key(cert),
- _hx509_crypto_default_sig_alg,
- &sigdata,
- &signer_info->signatureAlgorithm,
- &signer_info->signature);
- if (sigdata.data != content.data)
- der_free_octet_string(&sigdata);
- if (ret) {
- hx509_clear_error_string(context);
- goto out;
+ {
+ AlgorithmIdentifier sigalg;
+
+ ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
+ _hx509_cert_private_key(cert), peer,
+ &sigalg);
+ if (ret)
+ goto out;
+
+ ret = _hx509_create_signature(context,
+ _hx509_cert_private_key(cert),
+ &sigalg,
+ &sigdata,
+ &signer_info->signatureAlgorithm,
+ &signer_info->signature);
+ free_AlgorithmIdentifier(&sigalg);
+ if (ret)
+ goto out;
 }
 ALLOC_SEQ(&sd.digestAlgorithms, 1);
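Review bot: The signature algorithm in the new block is taken from `hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG, ..., peer, &sigalg)` instead of the fixed `_hx509_crypto_default_sig_alg`, so whatever filled in `peer` now influences how strong the produced signature is. The selector is not part of this hunk; if the peer's algorithm list can arrive unauthenticated, it is worth confirming that the selector only returns algorithms from a locally accepted set and falls back to the default when `peer` is NULL or offers no match, since otherwise the remote side could steer signing toward the weakest algorithm the key supports. A comment above the call such as `/* peer preferences are advisory; the selected algorithm must still satisfy local policy */` would record that assumption. Separately, `sigalg` is not initialized before the call and the failure path does not free it, which is fine only if `hx509_crypto_select` leaves nothing allocated on error. The body of hx509_cms_create_signed_1 starts and ends outside the hunk.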
@@ -1199,6 +1204,8 @@ hx509_cms_create_signed_1(hx509_context context,
 _hx509_abort("internal ASN.1 encoder error");
 out:
+ if (sigdata.data != content.data)
+ der_free_octet_string(&sigdata);
 free_AlgorithmIdentifier(&digest);
 _hx509_path_free(&path);
 free_SignedData(&sd);
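Review bot: The cleanup added at `out:` compares `sigdata.data` with `content.data`, but the declaration changed in the first hunk gives an initializer only to `sigdata`, leaving `buf` and `content` uninitialized. Whether `content` is assigned before the first `goto out` is not visible in these hunks; if any earlier error path reaches the label first, the guard reads an indeterminate pointer. Initializing all three, `heim_octet_string buf = { 0, NULL }, content = { 0, NULL }, sigdata = { 0, NULL };`, keeps the guard well defined on every path. A comment on the guard such as `/* sigdata may alias the caller-owned content buffer; free it only when it is our own allocation */` would explain why the pointer comparison is there. The function body begins outside this hunk.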