New ASN1 macros which will encode an empty SEQUENCE OF.

Fix CRL encoders to encode empty SEQUENCE OF.

The old code was breaking CRL signatures.

Note: it is best to add new macros because changing the
old ones could break other code which expects that behaviour.
None of this is needed with the new ASN1 code anyway...

diff --git a/CHANGES b/CHANGES
index dd2dae0293e9412eaae3df441c556762b6e315eb..721251f1fdd8dd9b85a5a1e876c9a3aa3d3cedc9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2000]
 
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+
   *) Zero the premaster secret after deriving the master secret in
      DH ciphersuites.
      [Steve Henson]

diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
index 4512ba6cc60420af84a8ae28c411ed967056bd04..af0e664b2de0698f506ae52051a50d19be1eb0a6 100644 (file)
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -196,6 +196,9 @@ err:\
        if ((a != NULL) && (sk_##type##_num(a) != 0)) \
                M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 
+#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
+       if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
        if ((c.slen != 0) && \
                (M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
                        M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 
+#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
+               if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
 
@@ -452,6 +458,15 @@ err:\
                        ret+=ASN1_object_size(1,v,mtag); \
                        }
 
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+               if (a)\
+                       { \
+                       v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+                                                V_ASN1_UNIVERSAL, \
+                                                IS_SEQUENCE); \
+                       ret+=ASN1_object_size(1,v,mtag); \
+                       }
+
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)    f(a,&p)
 
@@ -536,6 +551,14 @@ err:\
                                               IS_SEQUENCE); \
                        }
 
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+               if (a) \
+                       { \
+                       ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+                       i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+                                              IS_SEQUENCE); \
+                       }
+
 #define M_ASN1_I2D_seq_total() \
                r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
                if (pp == NULL) return(r); \

diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 1f302d0e01eb39b5ee32fd264d3986d4d2db9400..9f200a763172807fb4efe069bc7ee12079da900a 100644 (file)
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
 
        M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-       M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+       M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
                                         i2d_X509_EXTENSION);
 
        M_ASN1_I2D_seq_total();
 
        M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
        M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-       M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+       M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
                                         i2d_X509_EXTENSION);
 
        M_ASN1_I2D_finish();
@@ -119,9 +119,9 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
        M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
        if (a->nextUpdate != NULL)
                { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
-       M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+       M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_REVOKED,a->revoked,
                                         i2d_X509_REVOKED);
-       M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+       M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
                                             i2d_X509_EXTENSION,0,
                                             V_ASN1_SEQUENCE,v1);
 
@@ -136,9 +136,9 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
        M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_TIME);
        if (a->nextUpdate != NULL)
                { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
-       M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+       M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_REVOKED,a->revoked,
                                         i2d_X509_REVOKED);
-       M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+       M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
                                             i2d_X509_EXTENSION,0,
                                             V_ASN1_SEQUENCE,v1);