[openssl] OpenSSL_1_1_1-stable update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Tue Apr 21 15:15:28 UTC 2020
The branch OpenSSL_1_1_1-stable has been updated
via 4738d9e060eccdb01d443c3cefe8101cbf1d4bfa (commit)
from 49d391d03c11352eeadec7df39c48d1c83fb164e (commit)
- Log -----------------------------------------------------------------
commit 4738d9e060eccdb01d443c3cefe8101cbf1d4bfa
Author: Dirk-Willem van Gulik <dirkx at webweaving.org>
Date: Fri Jan 10 18:35:49 2020 +0100
Add setter equivalents to X509_REQ_get0_signature
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10563)
(cherry picked from commit c72e59349f50ee00a1bf8605ada17dfccb8b3b1a)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/x_algor.c | 28 ++++++++++++++++++++++++++++
crypto/x509/x509_req.c | 12 ++++++++++++
doc/man3/X509_ALGOR_dup.pod | 12 ++++++++++--
doc/man3/X509_get0_signature.pod | 20 ++++++++++++++++----
include/openssl/x509.h | 3 +++
util/libcrypto.num | 3 +++
6 files changed, 72 insertions(+), 6 deletions(-)
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 4c4a718850..e13daf849b 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -92,3 +92,31 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
return 0;
return ASN1_TYPE_cmp(a->parameter, b->parameter);
}
+
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
+{
+ if (src == NULL || dest == NULL)
+ return 0;
+
+ if (dest->algorithm)
+ ASN1_OBJECT_free(dest->algorithm);
+ dest->algorithm = NULL;
+
+ if (dest->parameter)
+ ASN1_TYPE_free(dest->parameter);
+ dest->parameter = NULL;
+
+ if (src->algorithm)
+ if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
+ return 0;
+
+ if (src->parameter)
+ /* Assuming this is also correct for a BOOL.
+ * set does copy as a side effect.
+ */
+ if (ASN1_TYPE_set1(dest->parameter,
+ src->parameter->type, src->parameter->value.ptr) == 0)
+ return 0;
+
+ return 1;
+}
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 7ba0f26495..64df2d0379 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
*palg = &req->sig_alg;
}
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
+{
+ if (req->signature)
+ ASN1_BIT_STRING_free(req->signature);
+ req->signature = psig;
+}
+
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg)
+{
+ return X509_ALGOR_copy(&req->sig_alg, palg);
+}
+
int X509_REQ_get_signature_nid(const X509_REQ *req)
{
return OBJ_obj2nid(req->sig_alg.algorithm);
diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod
index 4aeaa591eb..6612354508 100644
--- a/doc/man3/X509_ALGOR_dup.pod
+++ b/doc/man3/X509_ALGOR_dup.pod
@@ -2,7 +2,7 @@
=head1 NAME
-X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions
+X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy - AlgorithmIdentifier functions
=head1 SYNOPSIS
@@ -14,6 +14,7 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_
const void **ppval, const X509_ALGOR *alg);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
=head1 DESCRIPTION
@@ -36,18 +37,25 @@ values for the message digest B<md>.
X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
encodings and non-zero otherwise.
+X509_ALGOR_copy() copies the source values into the dest structs; making
+a duplicate of each (and free any thing pointed to from within *dest).
+
=head1 RETURN VALUES
X509_ALGOR_dup() returns a valid B<X509_ALGOR> structure or NULL if an error
occurred.
-X509_ALGOR_set0() returns 1 on success or 0 on error.
+X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error.
X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.
X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and
non-zero otherwise.
+=head1 HISTORY
+
+The X509_ALGOR_copy() was added in 1.1.1e.
+
=head1 COPYRIGHT
Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod
index 4133bc37a9..2fe2fef61b 100644
--- a/doc/man3/X509_get0_signature.pod
+++ b/doc/man3/X509_get0_signature.pod
@@ -2,10 +2,10 @@
=head1 NAME
-X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
-X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
-X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
-X509_SIG_INFO_set - signature information
+X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
+X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature,
+X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid,
+X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information
=head1 SYNOPSIS
@@ -14,6 +14,8 @@ X509_SIG_INFO_set - signature information
void X509_get0_signature(const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg,
const X509 *x);
+ void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+ int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
int X509_get_signature_nid(const X509 *x);
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
@@ -41,6 +43,9 @@ X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
to the signature algorithm of B<x>. The values returned are internal
pointers which B<MUST NOT> be freed up after the call.
+X509_set0_signature() and X509_REQ_set1_signature_algo() are the
+equivalent setters for the two values of X509_get0_signature().
+
X509_get0_tbs_sigalg() returns the signature algorithm in the signed
portion of B<x>.
@@ -88,6 +93,10 @@ X509_get_signature_info() returns 1 if the signature information
returned is valid or 0 if the information is not available (e.g.
unknown algorithms or malformed parameters).
+X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an
+error (e.g. null ALGO pointer). X509_REQ_set0_signature does
+not return an error value.
+
=head1 SEE ALSO
L<d2i_X509(3)>,
@@ -118,6 +127,9 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
added in OpenSSL 1.1.0.
+The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo()
+were added in OpenSSL 1.1.1e.
+
=head1 COPYRIGHT
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 39ca0ba575..e63d043e5f 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -478,6 +478,7 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
const void **ppval, const X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
@@ -679,6 +680,8 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg);
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
int X509_REQ_get_signature_nid(const X509_REQ *req);
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 876b7ca710..e16b836eb2 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4587,3 +4587,6 @@ EVP_PKEY_meth_set_digestverify 4540 1_1_1e EXIST::FUNCTION:
EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION:
EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION:
RSA_get0_pss_params 4543 1_1_1e EXIST::FUNCTION:RSA
+X509_ALGOR_copy 4544 1_1_1h EXIST::FUNCTION:
+X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION:
+X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION:
More information about the openssl-commits
mailing list