(hx509_cms_create_signed_1): Use hx509_peer_info to select the

signature algorithm too.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20937 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/hx509/cms.c

@@ -946,7 +946,7 @@ hx509_cms_create_signed_1(hx509_context context,
     AlgorithmIdentifier digest;
     hx509_name name;
     SignerInfo *signer_info;
-    heim_octet_string buf, content, sigdata;
+    heim_octet_string buf, content, sigdata = { 0, NULL };
     SignedData sd;
     int ret;
     size_t size;
@@ -1050,10 +1050,8 @@ hx509_cms_create_signed_1(hx509_context context,
 				      &content,
 				      NULL,
 				      &sig);
-	if (ret) {
+	if (ret)
-	    hx509_clear_error_string(context);
 	    goto out;
-	}
 
 	ASN1_MALLOC_ENCODE(MessageDigest,
 			   buf.data,
@@ -1120,16 +1118,23 @@ hx509_cms_create_signed_1(hx509_context context,
     }
 
 
+    {
+	AlgorithmIdentifier sigalg;
+
+	ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
+				  _hx509_cert_private_key(cert), peer,
+				  &sigalg);
+	if (ret)
+	    goto out;
+
 	ret = _hx509_create_signature(context,
 				      _hx509_cert_private_key(cert),
-				  _hx509_crypto_default_sig_alg,
+				      &sigalg,
 				      &sigdata,
 				      &signer_info->signatureAlgorithm,
 				      &signer_info->signature);
-    if (sigdata.data != content.data)
+	free_AlgorithmIdentifier(&sigalg);
-	der_free_octet_string(&sigdata);
+	if (ret)
-    if (ret) {
-	hx509_clear_error_string(context);
 	    goto out;
     }
 
@@ -1199,6 +1204,8 @@ hx509_cms_create_signed_1(hx509_context context,
 	_hx509_abort("internal ASN.1 encoder error");
 
 out:
+    if (sigdata.data != content.data)
+	der_free_octet_string(&sigdata);
     free_AlgorithmIdentifier(&digest);
     _hx509_path_free(&path);
     free_SignedData(&sd);