From 8c9ab050e5780d829dc51dd2125b1764010a234a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 3 Oct 2010 18:57:01 +0000 Subject: [PATCH] Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway. Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it. --- CHANGES | 5 +++++ crypto/asn1/x_x509.c | 4 ++-- crypto/x509/x509.h | 1 + crypto/x509/x_all.c | 1 + 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index fab61c3495..b6708ffdc6 100644 --- a/CHANGES +++ b/CHANGES @@ -857,6 +857,11 @@ Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. + [Steve Henson] + *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT is also one of the inputs. [Emilia Käsper (Google)] diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index dafd3cc921..de3df9eb51 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -63,7 +63,7 @@ #include #include -ASN1_SEQUENCE(X509_CINF) = { +ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), @@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = { ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -} ASN1_SEQUENCE_END(X509_CINF) +} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) /* X509 top level structure needs a bit of customisation */ diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 604f4fb27f..e6f8a40395 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -258,6 +258,7 @@ typedef struct x509_cinf_st ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; } X509_CINF; /* This stuff is certificate "auxiliary info" diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index ebae30b701..8ec88c215a 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -90,6 +90,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { + x->cert_info->enc.modified = 1; return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, x->sig_alg, x->signature, x->cert_info,pkey,md)); } -- 2.25.1