From: Dr. Stephen Henson
Date: Sun, 28 Jan 2001 14:18:20 +0000 (+0000)
Subject: New ASN1 macros which will encode an empty SEQUENCE OF.
X-Git-Tag: OpenSSL_0_9_6a-beta1~79
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7a60df7dd334b3712cf7aaa837cf7fdff9be7c44;p=oweals%2Fopenssl.git

New ASN1 macros which will encode an empty SEQUENCE OF. Fix CRL encoders to encode empty SEQUENCE OF. The old code was breaking CRL signatures. Note: it is best to add new macros because changing the old ones could break other code which expects that behaviour. None of this is needed with the new ASN1 code anyway...
---
diff --git a/CHANGES b/CHANGES
index dd2dae0293..721251f1fd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@ Changes between 0.9.6 and 0.9.6a [xx XXX 2000]
+ *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+ macros previously used would not encode an empty SEQUENCE OF
+ and break the signature.
+ [Steve Henson]
+
 *) Zero the premaster secret after deriving the master secret in DH ciphersuites. [Steve Henson]
diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
index 4512ba6cc6..af0e664b2d 100644
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -196,6 +196,9 @@ err:\
 if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
+ if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 if ((c.slen != 0) && \
 (M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
 if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
+ if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
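Review bot: The two new `_opt_ex_type` macros in the asn1_mac.h hunks at -196 and -389 have no comment saying how they differ from the `_opt_type` macros directly above them, and the difference is one a caller can get wrong. I would add above each something like `/* Like M_ASN1_I2D_put_SEQUENCE_opt_type, but a non-NULL empty stack is still encoded (as an empty SEQUENCE OF) */`. The comment should also say that the `len` and `put` forms must be used as a pair: judging from the x_crl.c hunks the length pass sizes the output and the put pass writes it, so using `_opt_type` in one pass and `_opt_ex_type` in the other would make the two disagree on an empty stack. The same applies to the `EXP` pair added in the hunks at -452 and -536.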
@@ -452,6 +458,15 @@ err:\
 ret+=ASN1_object_size(1,v,mtag); \
 }
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+ if (a)\
+ { \
+ v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+ V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f) f(a,&p)
@@ -536,6 +551,14 @@ err:\
 IS_SEQUENCE); \
 }
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+ if (a) \
+ { \
+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+ i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ }
+
 #define M_ASN1_I2D_seq_total() \
 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 if (pp == NULL) return(r); \
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 1f302d0e01..9f200a7631 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
 M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
 M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
- M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+ M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 i2d_X509_EXTENSION);
 M_ASN1_I2D_seq_total();
 M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
 M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
- M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+ M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 i2d_X509_EXTENSION);
 M_ASN1_I2D_finish();
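Review bot: With `if (a)` as the only test, `a->extensions` in this i2d_X509_REVOKED hunk (and `a->revoked` / `a->extensions` in the two i2d_X509_CRL_INFO hunks at -119 and -136) is now encoded whenever the pointer is non-NULL, so the encoder relies on the constructor and decoder leaving it NULL when the field was absent on the wire. Neither `X509_REVOKED_new` nor the d2i routines appear in this diff; if any of them allocates an empty stack up front, a CRL whose optional field was absent would be re-encoded with an extra empty SEQUENCE and its signature check would fail in the opposite direction. It is worth confirming those paths and adding a round-trip check that decodes and re-encodes a CRL for the absent, empty and populated cases and compares the bytes with the input. The function body starts and ends outside the hunk.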
@@ -119,9 +119,9 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
 if (a->nextUpdate != NULL) { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
- M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+ M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_REVOKED,a->revoked,
 i2d_X509_REVOKED);
- M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 i2d_X509_EXTENSION,0, V_ASN1_SEQUENCE,v1);
@@ -136,9 +136,9 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_TIME);
 if (a->nextUpdate != NULL) { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
- M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+ M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_REVOKED,a->revoked,
 i2d_X509_REVOKED);
- M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 i2d_X509_EXTENSION,0, V_ASN1_SEQUENCE,v1);
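Review bot: Nothing at these call sites says why the `_ex_` macros are used, so a later cleanup could switch them back to `_opt_type` and reintroduce the signature breakage the commit message describes. A one-line comment above the first changed call in the -119 hunk would be enough, e.g. `/* _ex macros: a present-but-empty list must be encoded, otherwise the re-encoded CRL no longer matches the signed bytes */`; the hunk at -136 wants the same. Both hunks show only the middle of i2d_X509_CRL_INFO.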