Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have

zero unused bits.

Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have
zero unused bits.
c35f549e · Dr. Stephen Henson · ebc828ca · c35f549e · c35f549e · c35f549e
隐藏空白更改
内联并排

Showing with 9 addition and 1 deletion

CHANGES CHANGES +4 -0

apps/ca.c apps/ca.c +1 -1

crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c +4 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
 Changes between 0.9.1c and 0.9.2
+  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+     BIT STRING wrapper always have zero unused bits.
+     [Steve Henson]
  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
     [Steve Henson]

--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1694,9 +1694,9 @@ again2:
 			}
 		}
-	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
 #ifndef NO_DSA
+	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
        pktmp=X509_get_pubkey(ret);
        if (EVP_PKEY_missing_parameters(pktmp) &&
 		!EVP_PKEY_missing_parameters(pkey))

--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -188,6 +188,10 @@ EVP_PKEY *pkey;
 	p=s;
 	i2d_PublicKey(pkey,&p);
 	if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+	/* Set number of unused bits to zero */
+	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 	Free(s);
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);