[svn] ksba - r303 - in trunk: . src
svn author wk
cvs at cvs.gnupg.org
Thu May 28 10:07:17 CEST 2009
Author: wk
Date: 2009-05-28 10:07:16 +0200 (Thu, 28 May 2009)
New Revision: 303
Modified:
trunk/NEWS
trunk/src/ChangeLog
trunk/src/cms.c
trunk/src/der-encoder.c
Log:
Use an explicit NULL in an RSA algorithmIdentifier sequence.
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2009-03-26 19:27:46 UTC (rev 302)
+++ trunk/src/ChangeLog 2009-05-28 08:07:16 UTC (rev 303)
@@ -1,3 +1,8 @@
+2009-05-28 Werner Koch <wk at g10code.com>
+
+ * der-encoder.c (_ksba_der_store_null, sum_up_lengths): Actually
+ write out NULL tags.
+
2009-03-26 Werner Koch <wk at g10code.com>
* cms.h (struct certlist_s): Allow for SHA-512.
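Review bot: the new 2009-05-28 entry names only der-encoder.c, although this revision also touches cms.c (the comment block placed above the _ksba_der_store_null call). A short line for cms.c in the same entry would let someone tracing the history of that comment find it from the ChangeLog.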
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2009-03-26 19:27:46 UTC (rev 302)
+++ trunk/NEWS 2009-05-28 08:07:16 UTC (rev 303)
@@ -3,7 +3,12 @@
* Support SHA-{384,512} based signature generation.
+ * The RSA algorithmIdentifier ASN.1 sequence is now emitted with an
+ explicit NULL parameter. Despite all the interop testing we did in
+ the past, some software still requires this and thus we follow the
+ best current practise now.
+
Noteworthy changes in version 1.0.5 (2009-01-09)
------------------------------------------------
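Review bot: the added entry describes the change as specific to the RSA algorithmIdentifier, but the der-encoder.c changes in this revision key on TYPE_NULL alone, so every caller of _ksba_der_store_null now emits the NULL. It would help to state that scope here, and to mention that earlier versions omitted the parameter, so users comparing output across versions know the difference is expected. Minor: "practise" should be "practice" when used as a noun.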
@@ -367,7 +372,8 @@
* Nearly all stuff needed for the Aegypten project is now in place.
- Copyright 2002, 2003, 2004, 2005, 2006 g10 Code GmbH
+ Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ 2009 g10 Code GmbH
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
Modified: trunk/src/cms.c
===================================================================
--- trunk/src/cms.c 2009-03-26 19:27:46 UTC (rev 302)
+++ trunk/src/cms.c 2009-05-28 08:07:16 UTC (rev 303)
@@ -3091,6 +3091,32 @@
err = gpg_error (GPG_ERR_ELEMENT_NOT_FOUND);
goto leave;
}
+
+ /* Now store NULL for the optional parameters. From Peter
+ * Gutmann's X.509 style guide:
+ *
+ * Another pitfall to be aware of is that algorithms which
+ * have no parameters have this specified as a NULL value
+ * rather than omitting the parameters field entirely. The
+ * reason for this is that when the 1988 syntax for
+ * AlgorithmIdentifier was translated into the 1997 syntax,
+ * the OPTIONAL associated with the AlgorithmIdentifier
+ * parameters got lost. Later it was recovered via a defect
+ * report, but by then everyone thought that algorithm
+ * parameters were mandatory. Because of this the algorithm
+ * parameters should be specified as NULL, regardless of what
+ * you read elsewhere.
+ *
+ * The trouble is that things *never* get better, they just
+ * stay the same, only more so
+ * -- Terry Pratchett, "Eric"
+ *
+ * Although this is about signing, we always do it. Versions of
+ * Libksba before 1.0.6 had a bug writing out the NULL tag here,
+ * thus in reality we used to be correct according to the
+ * standards despite we didn't intended so.
+ */
+
err = _ksba_der_store_null (n);
if (err)
goto leave;
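Review bot: the last paragraph of the new comment is hard to parse ("despite we didn't intended so") and leaves it unclear which behaviour is the intended one from now on. Something like "so earlier versions omitted the parameters, which matched the standard, although that was not intended" reads more clearly. Since the call err = _ksba_der_store_null (n) was already present and only the comment is new in this file, the behaviour change rests entirely on der-encoder.c; none of the four modified files adds a regression check that the encoded AlgorithmIdentifier now carries the NULL, and one would be worth adding.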
Modified: trunk/src/der-encoder.c
===================================================================
--- trunk/src/der-encoder.c 2009-03-26 19:27:46 UTC (rev 302)
+++ trunk/src/der-encoder.c 2009-05-28 08:07:16 UTC (rev 303)
@@ -382,7 +382,8 @@
if (node->type == TYPE_NULL)
{
- return store_value (node, "", 0);
+ clear_value (node);
+ return 0;
}
else
return gpg_error (GPG_ERR_INV_VALUE);
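Review bot: the TYPE_NULL branch needs a comment explaining why clear_value (node) replaces store_value (node, "", 0). After this change the node carries no stored value and the rest of the encoder has to recognise it by node->type alone; without a note saying so, a later cleanup could restore the zero-length store and silently drop the NULL from the output again.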
@@ -508,6 +509,9 @@
AsnNode n;
unsigned long len = 0;
+ if (root->type == TYPE_NULL)
+ return root->nhdr;
+
if (!(n=root->down) || _ksba_asn_is_primitive (root->type))
len = root->len;
else
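Review bot: the early return root->nhdr for TYPE_NULL is unconditional, while the header pass changed further down in this file only sets the header for NULL nodes when !n->flags.is_implicit. For an implicitly tagged NULL this returns whatever nhdr held beforehand. Either apply the same is_implicit condition here or add a comment stating why that case cannot occur, and note that the function relies on the header pass having run first.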
@@ -555,9 +559,9 @@
for (n=root; n ; n = _ksba_asn_walk_tree (root, n))
{
if (_ksba_asn_is_primitive (n->type)
- && n->valuetype == VALTYPE_MEM
- && n->value.v_mem.len
- && !n->flags.is_implicit)
+ && !n->flags.is_implicit
+ && ((n->valuetype == VALTYPE_MEM && n->value.v_mem.len)
+ || n->type == TYPE_NULL))
set_nhdr_and_len (n, n->value.v_mem.len);
}
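Review bot: with the new || n->type == TYPE_NULL arm, set_nhdr_and_len (n, n->value.v_mem.len) is now reached for NULL nodes whose valuetype need not be VALTYPE_MEM, because _ksba_der_store_null calls clear_value instead of storing a buffer. Reading v_mem.len there depends on the cleared value happening to read as zero. Passing the length explicitly, 0 when n->type == TYPE_NULL, would make the intent clear and remove that dependency.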