Hello,
I am sending changes that we have applied to the distribution of OpenSSL.
Enhancements are:
- engines/e_capi.c - Adding SHA2 to capi engine.
- crypto/x509v3/v3_lib.c - Prioritizing user X509V3_EXT_METHOD over
standard X509V3_EXT_METHOD, which allows us to extend display of
GeneralName/Othername in text format.
Regards
Libor Krystek
diff -uNr openssl-1.0.1g/crypto/cms/cms_lcl.h
openssl-1.0.1g-ICA/crypto/cms/cms_lcl.h
--- openssl-1.0.1g/crypto/cms/cms_lcl.h 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g-ICA/crypto/cms/cms_lcl.h 2014-05-23 12:01:00.000000000
+0200
@@ -418,7 +418,7 @@
DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
DECLARE_ASN1_ITEM(CMS_RecipientInfo)
DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
-DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+/* DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) */
#define CMS_SIGNERINFO_ISSUER_SERIAL 0
#define CMS_SIGNERINFO_KEYIDENTIFIER 1
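Review bot: The declaration `DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)` is commented out rather than removed, and nothing in the header says why. Commented-out code in an internal header tends to be re-enabled later without anyone knowing the original reason. Either delete the line outright or replace it with a short comment stating the reason, for example that no matching implementation exists, if that is the case; the reason is not visible from this hunk.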
@@ -442,8 +442,10 @@
X509_NAME **issuer, ASN1_INTEGER **sno);
int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+#ifdef ZLIB
CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+#endif
void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
diff -uNr openssl-1.0.1g/crypto/ec/ec_lcl.h
openssl-1.0.1g-ICA/crypto/ec/ec_lcl.h
--- openssl-1.0.1g/crypto/ec/ec_lcl.h 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g-ICA/crypto/ec/ec_lcl.h 2014-05-23 12:01:00.000000000
+0200
@@ -404,7 +404,7 @@
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
-#ifndef OPENSSL_EC_NISTP_64_GCC_128
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
/* method functions in ecp_nistp224.c */
int ec_GFp_nistp224_group_init(EC_GROUP *group);
int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, const
BIGNUM *a, const BIGNUM *n, BN_CTX *);
diff -uNr openssl-1.0.1g/crypto/x509v3/v3_lib.c
openssl-1.0.1g-ICA/crypto/x509v3/v3_lib.c
--- openssl-1.0.1g/crypto/x509v3/v3_lib.c 2014-03-17 17:14:20.000000000
+0100
+++ openssl-1.0.1g-ICA/crypto/x509v3/v3_lib.c 2014-05-23 12:19:50.039029618
+0200
@@ -101,12 +101,16 @@
int idx;
if(nid < 0) return NULL;
tmp.ext_nid = nid;
+// ICA - begin
+ if(ext_list)
+ {
+ idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+ if(idx != -1) return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+ }
ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
if(ret) return *ret;
- if(!ext_list) return NULL;
- idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
- if(idx == -1) return NULL;
- return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+ return NULL;
+// ICA - end
}
const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
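Review bot: With the `ext_list` lookup moved ahead of `OBJ_bsearch_ext`, any method registered at run time now shadows the built-in handler for the same NID on every call to this lookup, not only when printing. The function's signature and its callers are outside the hunk, so presumably this also covers the decoding of standard extensions such as basicConstraints or keyUsage during certificate validation. If the goal is only richer text output for GeneralName/otherName, consider limiting the override to that path. At minimum, document the new precedence in place, e.g. `/* ICA: user-registered methods take precedence over standard_exts; a registered method replaces the built-in one for that NID */`. The `// ICA - begin` and `// ICA - end` markers are C++-style comments, while the other comments visible in this patch use `/* */`, and a strict C89 build may reject them.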
diff -uNr openssl-1.0.1g/engines/e_capi.c openssl-1.0.1g-ICA/engines/e_capi.c
--- openssl-1.0.1g/engines/e_capi.c 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g-ICA/engines/e_capi.c 2014-05-23 12:19:58.204137871 +0200
@@ -109,6 +109,26 @@
#define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
#endif
+#ifndef ALG_SID_SHA_256
+ #define ALG_SID_SHA_256 12
+#endif
+#ifndef ALG_SID_SHA_384
+ #define ALG_SID_SHA_384 13
+#endif
+#ifndef ALG_SID_SHA_512
+ #define ALG_SID_SHA_512 14
+#endif
+
+#ifndef CALG_SHA_256
+ #define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY |
ALG_SID_SHA_256)
+#endif
+#ifndef CALG_SHA_384
+ #define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY |
ALG_SID_SHA_384)
+#endif
+#ifndef CALG_SHA_512
+ #define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY |
ALG_SID_SHA_512)
+#endif
+
#include <openssl/engine.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
@@ -816,6 +836,18 @@
/* Convert the signature type to a CryptoAPI algorithm ID */
switch(dtype)
{
+ case NID_sha256:
+ alg = CALG_SHA_256;
+ break;
+
+ case NID_sha384:
+ alg = CALG_SHA_384;
+ break;
+
+ case NID_sha512:
+ alg = CALG_SHA_512;
+ break;
+
case NID_sha1:
alg = CALG_SHA1;
break;
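Review bot: The three new cases pass `CALG_SHA_256`, `CALG_SHA_384` and `CALG_SHA_512` to whatever provider the key was opened with, but the base and enhanced RSA provider types do not implement these algorithm IDs. A SHA-2 signing request that was previously rejected in this switch may therefore now fail later, at hash creation. The provider selection and the hash-creation call are outside the hunk, so confirm that this failure is reported with a clear error there. A comment above the new cases would help the next reader, e.g. `/* SHA-2 requires a provider of type PROV_RSA_AES; other provider types reject these ALG_IDs */`.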