Hi,
this issue has already been raised here:
http://marc.info/?l=openssl-dev&m=138000831409222&w=2. I am now
preparing a different patch. In the meantime, do you have any objection to
applying the simple attached patch?
Thanks,
--
Antonio Iacono
http://opensignature.sourceforge.net/english.php
diff -rupN openssl-1.0.1g-orig/crypto/objects/objects.txt openssl-1.0.1g-patched/crypto/objects/objects.txt
--- openssl-1.0.1g-orig/crypto/objects/objects.txt 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g-patched/crypto/objects/objects.txt 2014-04-19 16:35:34.464446760 +0200
@@ -290,6 +290,7 @@ id-smime-aa 26 : id-smime-aa-ets-certCR
id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp
id-smime-aa 28 : id-smime-aa-signatureType
id-smime-aa 29 : id-smime-aa-dvcs-dvc
+id-smime-aa 47 : id-smime-aa-signingCertificateV2
# S/MIME Algorithm Identifiers
# obsolete
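Review bot: The new object is added to objects.txt and number 920 is hand-assigned in obj_mac.num, but the headers generated from these files (obj_mac.h, obj_dat.h) are not in the patch as shown. Until they are regenerated, `NID_id_smime_aa_signingCertificateV2` would not be available to any code. Either include the regenerated headers or state in the submission that the objects scripts must be rerun, and confirm that 920 is the number the script itself would assign.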
diff -rupN openssl-1.0.1g-orig/crypto/objects/obj_mac.num openssl-1.0.1g-patched/crypto/objects/obj_mac.num
--- openssl-1.0.1g-orig/crypto/objects/obj_mac.num 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g-patched/crypto/objects/obj_mac.num 2014-04-19 16:42:46.814590539 +0200
@@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916
aes_192_cbc_hmac_sha1 917
aes_256_cbc_hmac_sha1 918
rsaesOaep 919
+id_smime_aa_signingCertificateV2 920
diff -rupN openssl-1.0.1g-orig/crypto/x509/x509.h openssl-1.0.1g-patched/crypto/x509/x509.h
--- openssl-1.0.1g-orig/crypto/x509/x509.h 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g-patched/crypto/x509/x509.h 2014-04-19 16:08:41.580448967 +0200
@@ -305,6 +305,9 @@ struct x509_st
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
+#ifndef OPENSSL_NO_SHA256
+ unsigned char sha256_hash[SHA256_DIGEST_LENGTH];
+#endif
X509_CERT_AUX *aux;
} /* X509 */;
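Review bot: Inserting `sha256_hash` ahead of `aux` moves the offset of `aux` in `struct x509_st`, which this header exposes to applications. Code built against the unpatched 1.0.1 headers that reaches `x->aux` directly would read the wrong offset once the library is replaced. Placing the new member after `X509_CERT_AUX *aux;` keeps every existing offset, although the struct still grows; its opening lines are outside the hunk, so the other members are not visible here. The field also deserves a comment such as `/* SHA-256 of the DER encoding, filled by x509v3_cache_extensions() */`. The hunk for include/openssl/x509.h is identical and the same point applies there.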
diff -rupN openssl-1.0.1g-orig/crypto/x509v3/v3_purp.c openssl-1.0.1g-patched/crypto/x509v3/v3_purp.c
--- openssl-1.0.1g-orig/crypto/x509v3/v3_purp.c 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g-patched/crypto/x509v3/v3_purp.c 2014-04-19 16:10:05.660866132 +0200
@@ -368,6 +368,9 @@ static void x509v3_cache_extensions(X509
#ifndef OPENSSL_NO_SHA
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
#endif
+#ifndef OPENSSL_NO_SHA256
+ X509_digest(x, EVP_sha256(), x->sha256_hash, NULL);
+#endif
/* Does subject name match issuer ? */
if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
x->ex_flags |= EXFLAG_SI;
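Review bot: The return value of the added `X509_digest(x, EVP_sha256(), x->sha256_hash, NULL)` call is discarded, so if the digest fails `x->sha256_hash` keeps whatever bytes it already held. The field is presumably meant for matching a signingCertificateV2 identifier, and such a comparison would then run on unset data. The SHA-1 call just above has the same pattern, but the new call can record the failure instead: `if (!X509_digest(x, EVP_sha256(), x->sha256_hash, NULL)) x->ex_flags |= EXFLAG_INVALID;`. No reader of `sha256_hash` appears in the patch as shown, so the hash is computed for every certificate passing through x509v3_cache_extensions() without a visible consumer. The function starts and ends outside the hunk.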
diff -rupN openssl-1.0.1g-orig/include/openssl/x509.h openssl-1.0.1g-patched/include/openssl/x509.h
--- openssl-1.0.1g-orig/include/openssl/x509.h 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g-patched/include/openssl/x509.h 2014-04-19 16:08:41.580448967 +0200
@@ -305,6 +305,9 @@ struct x509_st
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
+#ifndef OPENSSL_NO_SHA256
+ unsigned char sha256_hash[SHA256_DIGEST_LENGTH];
+#endif
X509_CERT_AUX *aux;
} /* X509 */;