Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
authorBodo Möller <bodo@openssl.org>
Fri, 26 Apr 2002 08:29:18 +0000 (08:29 +0000)
committerBodo Möller <bodo@openssl.org>
Fri, 26 Apr 2002 08:29:18 +0000 (08:29 +0000)
encoded as NULL) with id-dsa-with-sha1.

Submitted by: Nils Larsch

CHANGES
STATUS
crypto/asn1/a_sign.c

diff --git a/CHANGES b/CHANGES
index 858b257a9b9f586cdf3dcd0ae9e8ba6af4e3273d..37ae39075f7e8d8b72a31b660a0705f836715601 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1591,6 +1591,10 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
  Changes between 0.9.6c and 0.9.6d  [XX xxx 2002]
 
+  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+     encoded as NULL) with id-dsa-with-sha1.
+     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
+
   *) Check various X509_...() return values in apps/req.c.
      [Nils Larsch <nla@trustcenter.de>]
 
diff --git a/STATUS b/STATUS
index 8f86e05cbb564e28750a9401ebd7b350ab354a35..0627a81b87b0a4499cb256f36713372485a98b4d 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/04/25 07:51:51 $
+  ______________                           $Date: 2002/04/26 08:28:59 $
 
   DEVELOPMENT STATE
 
@@ -62,9 +62,6 @@
 
   NEEDS PATCH
 
-    o  parameters should be omitted (not NULL) with id-dsa-with-sha1 OID
-       in X.509 signatures
-
     o  inappropriate AlgorithmIdentifier used in S/MIME signatures
        (key type instead of signature algorithm)
 
index fc65b4ea5684f0e0da12668f6e4d062bf6da40e8..de53b441448e4f9d44a07004790105b7a8a006c0 100644 (file)
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <time.h>
@@ -90,7 +143,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
                else
                        a=algor2;
                if (a == NULL) continue;
-               if (    (a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+                       {
+                       /* special case: RFC 2459 tells us to omit 'parameters'
+                        * with id-dsa-with-sha1 */
+                       ASN1_TYPE_free(a->parameter);
+                       a->parameter = NULL;
+                       }
+               else if ((a->parameter == NULL) || 
                        (a->parameter->type != V_ASN1_NULL))
                        {
                        ASN1_TYPE_free(a->parameter);
@@ -169,7 +229,14 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                else
                        a=algor2;
                if (a == NULL) continue;
-               if (    (a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+                       {
+                       /* special case: RFC 2459 tells us to omit 'parameters'
+                        * with id-dsa-with-sha1 */
+                       ASN1_TYPE_free(a->parameter);
+                       a->parameter = NULL;
+                       }
+               else if ((a->parameter == NULL) || 
                        (a->parameter->type != V_ASN1_NULL))
                        {
                        ASN1_TYPE_free(a->parameter);