Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
authorDr. Stephen Henson <steve@openssl.org>
Sun, 3 Oct 2010 18:58:09 +0000 (18:58 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 3 Oct 2010 18:58:09 +0000 (18:58 +0000)
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.

CHANGES
crypto/asn1/x_x509.c
crypto/x509/x509.h
crypto/x509/x_all.c

diff --git a/CHANGES b/CHANGES
index 8f9c150..76a3793 100644 (file)
--- a/CHANGES
+++ b/CHANGES
   
  Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
 
+  *) Don't reencode certificate when calculating signature: cache and use
+     the original encoding instead. This makes signature verification of
+     some broken encodings work correctly.
+     [Steve Henson]
+
   *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
      is also one of the inputs.
      [Emilia K√§sper <emilia.kasper@esat.kuleuven.be> (Google)]
index dafd3cc..de3df9e 100644 (file)
@@ -63,7 +63,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-ASN1_SEQUENCE(X509_CINF) = {
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
@@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END(X509_CINF)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 /* X509 top level structure needs a bit of customisation */
index 9376ab0..092dd74 100644 (file)
@@ -258,6 +258,7 @@ typedef struct x509_cinf_st
        ASN1_BIT_STRING *issuerUID;             /* [ 1 ] optional in v2 */
        ASN1_BIT_STRING *subjectUID;            /* [ 2 ] optional in v2 */
        STACK_OF(X509_EXTENSION) *extensions;   /* [ 3 ] optional in v3 */
+       ASN1_ENCODING enc;
        } X509_CINF;
 
 /* This stuff is certificate "auxiliary info"
index 080a2de..b94aeeb 100644 (file)
@@ -90,6 +90,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
+       x->cert_info->enc.modified = 1;
        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
                x->sig_alg, x->signature, x->cert_info,pkey,md));
        }