Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
authorDr. Stephen Henson <steve@openssl.org>
Sun, 3 Oct 2010 18:56:25 +0000 (18:56 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 3 Oct 2010 18:56:25 +0000 (18:56 +0000)
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.

CHANGES
crypto/asn1/x_x509.c
crypto/ec/ectest.c
crypto/x509/x509.h
crypto/x509/x_all.c

diff --git a/CHANGES b/CHANGES
index c0953c277348d55bb239ec83340365d31fdd1784..4d7834360121cba7b3ae9511a4b592c17240ad4f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
   
  Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
 
+  *) Don't reencode certificate when calculating signature: cache and use
+     the original encoding instead. This makes signature verification of
+     some broken encodings work correctly.
+     [Steve Henson]
+
   *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
      is also one of the inputs.
      [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
index dafd3cc9211a9f236daade388b0d7768ff81a852..de3df9eb51c18401592f169e741fb5b867795d90 100644 (file)
@@ -63,7 +63,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-ASN1_SEQUENCE(X509_CINF) = {
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
@@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END(X509_CINF)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 /* X509 top level structure needs a bit of customisation */
index bed3b096b032c6def66bb7687532ceadd13004c1..834d54ab599ba413e1e42f7e7b3ab11b5bf82663 100644 (file)
@@ -234,7 +234,7 @@ static void group_order_tests(EC_GROUP *group)
        BN_CTX_free(ctx);
        }
 
-void prime_field_tests()
+static void prime_field_tests()
        {       
        BN_CTX *ctx = NULL;
        BIGNUM *p, *a, *b;
@@ -777,7 +777,7 @@ void prime_field_tests()
        if (!EC_GROUP_copy(_variable, group)) ABORT; \
 
 
-void char2_field_tests()
+static void char2_field_tests()
        {       
        BN_CTX *ctx = NULL;
        BIGNUM *p, *a, *b;
@@ -1211,7 +1211,7 @@ void char2_field_tests()
 
        }
 
-void internal_curve_test(void)
+static void internal_curve_test(void)
        {
        EC_builtin_curve *curves = NULL;
        size_t crv_len = 0, n = 0;
index 604f4fb27fb98f7007862c2f6e7a5eed57e32aaa..e6f8a40395b08c6f8cbfec733243a552031c816d 100644 (file)
@@ -258,6 +258,7 @@ typedef struct x509_cinf_st
        ASN1_BIT_STRING *issuerUID;             /* [ 1 ] optional in v2 */
        ASN1_BIT_STRING *subjectUID;            /* [ 2 ] optional in v2 */
        STACK_OF(X509_EXTENSION) *extensions;   /* [ 3 ] optional in v3 */
+       ASN1_ENCODING enc;
        } X509_CINF;
 
 /* This stuff is certificate "auxiliary info"
index ebae30b7013f7576957a61ee2c82dc4b6c93d2a2..8ec88c215a4f6c5b79e5a96c27076bb1d333be33 100644 (file)
@@ -90,6 +90,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
+       x->cert_info->enc.modified = 1;
        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
                x->sig_alg, x->signature, x->cert_info,pkey,md));
        }