Change the PKCS7 structure to use SEQUENCE OF for the

authenticated attributes: this is used to retain the
original encoding and not break signatures.

Support for a SET OF which reorders the STACK when
encoding a structure. This will be used with the
PKCS7 code.

1 files changed, 12 insertions, 1 deletions

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index f6d33e1776..4b2784987a 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -221,7 +221,11 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT
 		int skcontlen, sklen;
 		ASN1_VALUE *skitem;
 		if(!*pval) return 0;
-		isset = flags & ASN1_TFLG_SET_OF;
+		if(flags & ASN1_TFLG_SET_OF) {
+			isset = 1;
+			/* 2 means we reorder */
+			if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
+		} else isset = 0;
 		/* First work out inner tag value */
 		if(flags & ASN1_TFLG_IMPTAG) {
 			sktag = tt->tag;
@@ -284,6 +288,7 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT
 typedef	struct {
 	unsigned char *data;
 	int length;
+	ASN1_VALUE *field;
 } DER_ENC;
 
 static int der_cmp(const void *a, const void *b)
@@ -327,6 +332,7 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int s
 		skitem = sk_ASN1_VALUE_value(sk, i);
 		tder->data = p;
 		tder->length = ASN1_item_i2d(skitem, &p, item);
+		tder->field = skitem;
 	}
 	/* Now sort them */
 	qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
@@ -337,6 +343,11 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int s
 		p += tder->length;
 	}
 	*out = p;
+	/* If do_sort is 2 then reorder the STACK */
+	if(do_sort == 2) {
+		for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+			sk_ASN1_VALUE_set(sk, i, tder->field);
+	}
 	OPENSSL_free(derlst);
 	OPENSSL_free(tmpdat);
 	return 1;