6 files changed, 70 insertions, 26 deletions
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index e6f8a40395..092dd7450d 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -657,11 +657,15 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
 int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent);
 int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
@@ -763,6 +767,7 @@ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                                                X509_ALGOR *algor);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
@@ -896,6 +901,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        ASN1_BIT_STRING *signature,
        void *data, EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign_ctx(const ASN1_ITEM *it,
+                X509_ALGOR *algor1, X509_ALGOR *algor2,
+                ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx);
 #endif
 int             X509_set_version(X509 *x,long version);
@@ -1161,6 +1169,9 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                                 unsigned char *salt, int saltlen,
                                 unsigned char *aiv, int prf_nid);
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                                int prf_nid, int keylen);
 /* PKCS#8 utilities */
 DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 4bc9da07e0..7c2aaee2e9 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -87,15 +87,20 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
        EVP_MD_CTX_init(&ctx);
        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
        ret=strlen(f);
-        EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+        if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
-        EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
+                goto err;
+        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+                goto err;
        OPENSSL_free(f);
-        EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+        if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
-                (unsigned long)a->cert_info->serialNumber->length);
+                (unsigned long)a->cert_info->serialNumber->length))
-        EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
+                goto err;
+        if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
+                goto err;
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
                )&0xffffffffL;
+        err:
        EVP_MD_CTX_cleanup(&ctx);
        return(ret);
        }
@@ -219,7 +224,9 @@ unsigned long X509_NAME_hash(X509_NAME *x)
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-        EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);
+        if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
+                NULL))
+                return 0;
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -234,12 +241,18 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 unsigned long X509_NAME_hash_old(X509_NAME *x)
        {
+        EVP_MD_CTX md_ctx;
        unsigned long ret=0;
        unsigned char md[16];
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-        EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
+        EVP_MD_CTX_init(&md_ctx);
+        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+        EVP_DigestFinal_ex(&md_ctx,md,NULL);
+        EVP_MD_CTX_cleanup(&md_ctx);
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 3a6e04a1de..38525a8cdd 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
        if (ctx == NULL) return;
        if (    (ctx->method != NULL) &&
                (ctx->method->free != NULL))
-                ctx->method->free(ctx);
+                (*ctx->method->free)(ctx);
        OPENSSL_free(ctx);
        }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 701ec565e9..b0779db023 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -153,7 +153,6 @@ static int x509_subject_cmp(X509 **a, X509 **b)
 int X509_verify_cert(X509_STORE_CTX *ctx)
        {
        X509 *x,*xtmp,*chain_ss=NULL;
-        X509_NAME *xn;
        int bad_chain = 0;
        X509_VERIFY_PARAM *param = ctx->param;
        int depth,i,ok=0;
@@ -205,7 +204,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                         */
                /* If we are self signed, we break */
-                xn=X509_get_issuer_name(x);
                if (ctx->check_issued(ctx, x,x)) break;
                /* If we were passed a cert chain, use it first */
@@ -242,7 +240,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        i=sk_X509_num(ctx->chain);
        x=sk_X509_value(ctx->chain,i-1);
-        xn = X509_get_subject_name(x);
        if (ctx->check_issued(ctx, x, x))
                {
                /* we have a self signed certificate */
@@ -291,7 +288,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                if (depth < num) break;
                /* If we are self signed, we break */
-                xn=X509_get_issuer_name(x);
                if (ctx->check_issued(ctx,x,x)) break;
                ok = ctx->get_issuer(&xtmp, ctx, x);
@@ -310,7 +306,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                }
        /* we now have our chain, lets check it... */
-        xn=X509_get_issuer_name(x);
        /* Is last certificate looked up self signed? */
        if (!ctx->check_issued(ctx,x,x))
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
index 3385ad3f67..9702ec5310 100644
--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -100,20 +100,26 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
                break;
                }
-        i=X509_get_signature_type(x);
+        i=OBJ_obj2nid(x->sig_alg->algorithm);
-        switch (i)
+        if (i && OBJ_find_sigid_algs(i, NULL, &i))
                {
-        case EVP_PKEY_RSA:
-                ret|=EVP_PKS_RSA;
+                switch (i)
-                break;
+                        {
-        case EVP_PKEY_DSA:
+                case NID_rsaEncryption:
-                ret|=EVP_PKS_DSA;
+                case NID_rsa:
-                break;
+                        ret|=EVP_PKS_RSA;
-        case EVP_PKEY_EC:
+                        break;
-                ret|=EVP_PKS_EC;
+                case NID_dsa:
-                break;
+                case NID_dsa_2:
-        default:
+                        ret|=EVP_PKS_DSA;
-                break;
+                        break;
+                case NID_X9_62_id_ecPublicKey:
+                        ret|=EVP_PKS_EC;
+                        break;
+                default:
+                        break;
+                        }
                }
        if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index 8ec88c215a..b94aeeb873 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -95,12 +95,25 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
                x->sig_alg, x->signature, x->cert_info,pkey,md));
        }
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
+        {
+        return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+                x->cert_info->signature,
+                x->sig_alg, x->signature, x->cert_info, ctx);
+        }
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
                x->signature, x->req_info,pkey,md));
        }
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
+        {
+        return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+                x->sig_alg, NULL, x->signature, x->req_info, ctx);
+        }
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
        x->crl->enc.modified = 1;
@@ -108,6 +121,12 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
                x->sig_alg, x->signature, x->crl,pkey,md));
        }
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
+        {
+        return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+                x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
+        }
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
        return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,

diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index e6f8a40395..092dd7450d 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h
@@ -657,11 +657,15 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI x, EVP_PKEY pkey);
657		657
658	int NETSCAPE_SPKI_print(BIO out, NETSCAPE_SPKI spki);	658	int NETSCAPE_SPKI_print(BIO out, NETSCAPE_SPKI spki);
659		659
		660	int X509_signature_dump(BIO bp,const ASN1_STRING sig, int indent);
660	int X509_signature_print(BIO bp,X509_ALGOR alg, ASN1_STRING *sig);	661	int X509_signature_print(BIO bp,X509_ALGOR alg, ASN1_STRING *sig);
661		662
662	int X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md);	663	int X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md);
		664	int X509_sign_ctx(X509 x, EVP_MD_CTX ctx);
663	int X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md);	665	int X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md);
		666	int X509_REQ_sign_ctx(X509_REQ x, EVP_MD_CTX ctx);
664	int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md);	667	int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md);
		668	int X509_CRL_sign_ctx(X509_CRL x, EVP_MD_CTX ctx);
665	int NETSCAPE_SPKI_sign(NETSCAPE_SPKI x, EVP_PKEY pkey, const EVP_MD *md);	669	int NETSCAPE_SPKI_sign(NETSCAPE_SPKI x, EVP_PKEY pkey, const EVP_MD *md);
666		670
667	int X509_pubkey_digest(const X509 data,const EVP_MD type,	671	int X509_pubkey_digest(const X509 data,const EVP_MD type,
@@ -763,6 +767,7 @@ X509_ALGOR X509_ALGOR_dup(X509_ALGOR xn);
763	int X509_ALGOR_set0(X509_ALGOR alg, ASN1_OBJECT aobj, int ptype, void *pval);	767	int X509_ALGOR_set0(X509_ALGOR alg, ASN1_OBJECT aobj, int ptype, void *pval);
764	void X509_ALGOR_get0(ASN1_OBJECT *paobj, int pptype, void **ppval,	768	void X509_ALGOR_get0(ASN1_OBJECT *paobj, int pptype, void **ppval,
765	X509_ALGOR *algor);	769	X509_ALGOR *algor);
		770	void X509_ALGOR_set_md(X509_ALGOR alg, const EVP_MD md);
766		771
767	X509_NAME X509_NAME_dup(X509_NAME xn);	772	X509_NAME X509_NAME_dup(X509_NAME xn);
768	X509_NAME_ENTRY X509_NAME_ENTRY_dup(X509_NAME_ENTRY ne);	773	X509_NAME_ENTRY X509_NAME_ENTRY_dup(X509_NAME_ENTRY ne);
@@ -896,6 +901,9 @@ int ASN1_item_verify(const ASN1_ITEM it, X509_ALGOR algor1,
896	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,	901	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
897	ASN1_BIT_STRING *signature,	902	ASN1_BIT_STRING *signature,
898	void data, EVP_PKEY pkey, const EVP_MD *type);	903	void data, EVP_PKEY pkey, const EVP_MD *type);
		904	int ASN1_item_sign_ctx(const ASN1_ITEM *it,
		905	X509_ALGOR algor1, X509_ALGOR algor2,
		906	ASN1_BIT_STRING signature, void asn, EVP_MD_CTX *ctx);
899	#endif	907	#endif
900		908
901	int X509_set_version(X509 *x,long version);	909	int X509_set_version(X509 *x,long version);
@@ -1161,6 +1169,9 @@ X509_ALGOR PKCS5_pbe2_set_iv(const EVP_CIPHER cipher, int iter,
1161	unsigned char *salt, int saltlen,	1169	unsigned char *salt, int saltlen,
1162	unsigned char *aiv, int prf_nid);	1170	unsigned char *aiv, int prf_nid);
1163		1171
		1172	X509_ALGOR PKCS5_pbkdf2_set(int iter, unsigned char salt, int saltlen,
		1173	int prf_nid, int keylen);
		1174
1164	/* PKCS#8 utilities */	1175	/* PKCS#8 utilities */
1165		1176
1166	DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)	1177	DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)


diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index 4bc9da07e0..7c2aaee2e9 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -87,15 +87,20 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
87	EVP_MD_CTX_init(&ctx);	87	EVP_MD_CTX_init(&ctx);
88	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);	88	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
89	ret=strlen(f);	89	ret=strlen(f);
90	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);	90	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
91	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);	91	goto err;
		92	if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
		93	goto err;
92	OPENSSL_free(f);	94	OPENSSL_free(f);
93	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,	95	if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
94	(unsigned long)a->cert_info->serialNumber->length);	96	(unsigned long)a->cert_info->serialNumber->length))
95	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);	97	goto err;
		98	if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
		99	goto err;
96	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|	100	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|
97	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)	101	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)
98	)&0xffffffffL;	102	)&0xffffffffL;
		103	err:
99	EVP_MD_CTX_cleanup(&ctx);	104	EVP_MD_CTX_cleanup(&ctx);
100	return(ret);	105	return(ret);
101	}	106	}
@@ -219,7 +224,9 @@ unsigned long X509_NAME_hash(X509_NAME *x)
219		224
220	/* Make sure X509_NAME structure contains valid cached encoding */	225	/* Make sure X509_NAME structure contains valid cached encoding */
221	i2d_X509_NAME(x,NULL);	226	i2d_X509_NAME(x,NULL);
222	EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);	227	if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
		228	NULL))
		229	return 0;
223		230
224	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|	231	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|
225	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)	232	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)
@@ -234,12 +241,18 @@ unsigned long X509_NAME_hash(X509_NAME *x)
234		241
235	unsigned long X509_NAME_hash_old(X509_NAME *x)	242	unsigned long X509_NAME_hash_old(X509_NAME *x)
236	{	243	{
		244	EVP_MD_CTX md_ctx;
237	unsigned long ret=0;	245	unsigned long ret=0;
238	unsigned char md[16];	246	unsigned char md[16];
239		247
240	/* Make sure X509_NAME structure contains valid cached encoding */	248	/* Make sure X509_NAME structure contains valid cached encoding */
241	i2d_X509_NAME(x,NULL);	249	i2d_X509_NAME(x,NULL);
242	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);	250	EVP_MD_CTX_init(&md_ctx);
		251	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
		252	EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
		253	EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
		254	EVP_DigestFinal_ex(&md_ctx,md,NULL);
		255	EVP_MD_CTX_cleanup(&md_ctx);
243		256
244	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|	257	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|
245	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)	258	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)


diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c index 3a6e04a1de..38525a8cdd 100644 --- a/src/lib/libcrypto/x509/x509_lu.c +++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
87	if (ctx == NULL) return;	87	if (ctx == NULL) return;
88	if ( (ctx->method != NULL) &&	88	if ( (ctx->method != NULL) &&
89	(ctx->method->free != NULL))	89	(ctx->method->free != NULL))
90	ctx->method->free(ctx);	90	(*ctx->method->free)(ctx);
91	OPENSSL_free(ctx);	91	OPENSSL_free(ctx);
92	}	92	}
93		93


diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 701ec565e9..b0779db023 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -153,7 +153,6 @@ static int x509_subject_cmp(X509 a, X509 b)
153	int X509_verify_cert(X509_STORE_CTX *ctx)	153	int X509_verify_cert(X509_STORE_CTX *ctx)
154	{	154	{
155	X509 x,xtmp,*chain_ss=NULL;	155	X509 x,xtmp,*chain_ss=NULL;
156	X509_NAME *xn;
157	int bad_chain = 0;	156	int bad_chain = 0;
158	X509_VERIFY_PARAM *param = ctx->param;	157	X509_VERIFY_PARAM *param = ctx->param;
159	int depth,i,ok=0;	158	int depth,i,ok=0;
@@ -205,7 +204,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
205	*/	204	*/
206		205
207	/* If we are self signed, we break */	206	/* If we are self signed, we break */
208	xn=X509_get_issuer_name(x);
209	if (ctx->check_issued(ctx, x,x)) break;	207	if (ctx->check_issued(ctx, x,x)) break;
210		208
211	/* If we were passed a cert chain, use it first */	209	/* If we were passed a cert chain, use it first */
@@ -242,7 +240,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
242		240
243	i=sk_X509_num(ctx->chain);	241	i=sk_X509_num(ctx->chain);
244	x=sk_X509_value(ctx->chain,i-1);	242	x=sk_X509_value(ctx->chain,i-1);
245	xn = X509_get_subject_name(x);
246	if (ctx->check_issued(ctx, x, x))	243	if (ctx->check_issued(ctx, x, x))
247	{	244	{
248	/* we have a self signed certificate */	245	/* we have a self signed certificate */
@@ -291,7 +288,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
291	if (depth < num) break;	288	if (depth < num) break;
292		289
293	/* If we are self signed, we break */	290	/* If we are self signed, we break */
294	xn=X509_get_issuer_name(x);
295	if (ctx->check_issued(ctx,x,x)) break;	291	if (ctx->check_issued(ctx,x,x)) break;
296		292
297	ok = ctx->get_issuer(&xtmp, ctx, x);	293	ok = ctx->get_issuer(&xtmp, ctx, x);
@@ -310,7 +306,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
310	}	306	}
311		307
312	/* we now have our chain, lets check it... */	308	/* we now have our chain, lets check it... */
313	xn=X509_get_issuer_name(x);
314		309
315	/* Is last certificate looked up self signed? */	310	/* Is last certificate looked up self signed? */
316	if (!ctx->check_issued(ctx,x,x))	311	if (!ctx->check_issued(ctx,x,x))


diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c index 3385ad3f67..9702ec5310 100644 --- a/src/lib/libcrypto/x509/x509type.c +++ b/src/lib/libcrypto/x509/x509type.c
@@ -100,20 +100,26 @@ int X509_certificate_type(X509 x, EVP_PKEY pkey)
100	break;	100	break;
101	}	101	}
102		102
103	i=X509_get_signature_type(x);	103	i=OBJ_obj2nid(x->sig_alg->algorithm);
104	switch (i)	104	if (i && OBJ_find_sigid_algs(i, NULL, &i))
105	{	105	{
106	case EVP_PKEY_RSA:	106
107	ret\|=EVP_PKS_RSA;	107	switch (i)
108	break;	108	{
109	case EVP_PKEY_DSA:	109	case NID_rsaEncryption:
110	ret\|=EVP_PKS_DSA;	110	case NID_rsa:
111	break;	111	ret\|=EVP_PKS_RSA;
112	case EVP_PKEY_EC:	112	break;
113	ret\|=EVP_PKS_EC;	113	case NID_dsa:
114	break;	114	case NID_dsa_2:
115	default:	115	ret\|=EVP_PKS_DSA;
116	break;	116	break;
		117	case NID_X9_62_id_ecPublicKey:
		118	ret\|=EVP_PKS_EC;
		119	break;
		120	default:
		121	break;
		122	}
117	}	123	}
118		124
119	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look	125	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look


diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c index 8ec88c215a..b94aeeb873 100644 --- a/src/lib/libcrypto/x509/x_all.c +++ b/src/lib/libcrypto/x509/x_all.c
@@ -95,12 +95,25 @@ int X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md)
95	x->sig_alg, x->signature, x->cert_info,pkey,md));	95	x->sig_alg, x->signature, x->cert_info,pkey,md));
96	}	96	}
97		97
		98	int X509_sign_ctx(X509 x, EVP_MD_CTX ctx)
		99	{
		100	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
		101	x->cert_info->signature,
		102	x->sig_alg, x->signature, x->cert_info, ctx);
		103	}
		104
98	int X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md)	105	int X509_REQ_sign(X509_REQ x, EVP_PKEY pkey, const EVP_MD *md)
99	{	106	{
100	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,	107	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
101	x->signature, x->req_info,pkey,md));	108	x->signature, x->req_info,pkey,md));
102	}	109	}
103		110
		111	int X509_REQ_sign_ctx(X509_REQ x, EVP_MD_CTX ctx)
		112	{
		113	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
		114	x->sig_alg, NULL, x->signature, x->req_info, ctx);
		115	}
		116
104	int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)	117	int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
105	{	118	{
106	x->crl->enc.modified = 1;	119	x->crl->enc.modified = 1;
@@ -108,6 +121,12 @@ int X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
108	x->sig_alg, x->signature, x->crl,pkey,md));	121	x->sig_alg, x->signature, x->crl,pkey,md));
109	}	122	}
110		123
		124	int X509_CRL_sign_ctx(X509_CRL x, EVP_MD_CTX ctx)
		125	{
		126	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
		127	x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
		128	}
		129
111	int NETSCAPE_SPKI_sign(NETSCAPE_SPKI x, EVP_PKEY pkey, const EVP_MD *md)	130	int NETSCAPE_SPKI_sign(NETSCAPE_SPKI x, EVP_PKEY pkey, const EVP_MD *md)
112	{	131	{
113	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,	132	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,