[openssl] OpenSSL_1_1_1-stable update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Tue Apr 21 15:15:28 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  4738d9e060eccdb01d443c3cefe8101cbf1d4bfa (commit)
      from  49d391d03c11352eeadec7df39c48d1c83fb164e (commit)


- Log -----------------------------------------------------------------
commit 4738d9e060eccdb01d443c3cefe8101cbf1d4bfa
Author: Dirk-Willem van Gulik <dirkx at webweaving.org>
Date:   Fri Jan 10 18:35:49 2020 +0100

    Add setter equivalents to X509_REQ_get0_signature
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10563)
    
    (cherry picked from commit c72e59349f50ee00a1bf8605ada17dfccb8b3b1a)

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/x_algor.c            | 28 ++++++++++++++++++++++++++++
 crypto/x509/x509_req.c           | 12 ++++++++++++
 doc/man3/X509_ALGOR_dup.pod      | 12 ++++++++++--
 doc/man3/X509_get0_signature.pod | 20 ++++++++++++++++----
 include/openssl/x509.h           |  3 +++
 util/libcrypto.num               |  3 +++
 6 files changed, 72 insertions(+), 6 deletions(-)

diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 4c4a718850..e13daf849b 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -92,3 +92,31 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
         return 0;
     return ASN1_TYPE_cmp(a->parameter, b->parameter);
 }
+
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
+{
+    if (src == NULL || dest == NULL)
+	return 0;
+
+    if (dest->algorithm)
+         ASN1_OBJECT_free(dest->algorithm);
+    dest->algorithm = NULL;
+
+    if (dest->parameter)
+        ASN1_TYPE_free(dest->parameter);
+    dest->parameter = NULL;
+
+    if (src->algorithm)
+        if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
+	    return 0;
+
+    if (src->parameter)
+        /* Assuming this is also correct for a BOOL.
+         * set does copy as a side effect.
+         */
+        if (ASN1_TYPE_set1(dest->parameter, 
+              src->parameter->type, src->parameter->value.ptr) == 0)
+	    return 0;
+
+    return 1;
+}
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 7ba0f26495..64df2d0379 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
         *palg = &req->sig_alg;
 }
 
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
+{
+    if (req->signature)
+           ASN1_BIT_STRING_free(req->signature);
+    req->signature = psig;
+}
+
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg)
+{
+    return X509_ALGOR_copy(&req->sig_alg, palg);
+}
+
 int X509_REQ_get_signature_nid(const X509_REQ *req)
 {
     return OBJ_obj2nid(req->sig_alg.algorithm);
diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod
index 4aeaa591eb..6612354508 100644
--- a/doc/man3/X509_ALGOR_dup.pod
+++ b/doc/man3/X509_ALGOR_dup.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions
+X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy - AlgorithmIdentifier functions
 
 =head1 SYNOPSIS
 
@@ -14,6 +14,7 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_
                       const void **ppval, const X509_ALGOR *alg);
  void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
  int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
 
 =head1 DESCRIPTION
 
@@ -36,18 +37,25 @@ values for the message digest B<md>.
 X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
 encodings and non-zero otherwise.
 
+X509_ALGOR_copy() copies the source values into the dest structs; making
+a duplicate of each (and free any thing pointed to from within *dest).
+
 =head1 RETURN VALUES
 
 X509_ALGOR_dup() returns a valid B<X509_ALGOR> structure or NULL if an error
 occurred.
 
-X509_ALGOR_set0() returns 1 on success or 0 on error.
+X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error.
 
 X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.
 
 X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and
 non-zero otherwise.
 
+=head1 HISTORY
+
+The X509_ALGOR_copy() was added in 1.1.1e.
+
 =head1 COPYRIGHT
 
 Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod
index 4133bc37a9..2fe2fef61b 100644
--- a/doc/man3/X509_get0_signature.pod
+++ b/doc/man3/X509_get0_signature.pod
@@ -2,10 +2,10 @@
 
 =head1 NAME
 
-X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
-X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
-X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
-X509_SIG_INFO_set - signature information
+X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
+X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, 
+X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, 
+X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information
 
 =head1 SYNOPSIS
 
@@ -14,6 +14,8 @@ X509_SIG_INFO_set - signature information
  void X509_get0_signature(const ASN1_BIT_STRING **psig,
                           const X509_ALGOR **palg,
                           const X509 *x);
+ void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+ int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
  int X509_get_signature_nid(const X509 *x);
  const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 
@@ -41,6 +43,9 @@ X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
 to the signature algorithm of B<x>. The values returned are internal
 pointers which B<MUST NOT> be freed up after the call.
 
+X509_set0_signature() and X509_REQ_set1_signature_algo() are the
+equivalent setters for the two values of X509_get0_signature().
+
 X509_get0_tbs_sigalg() returns the signature algorithm in the signed
 portion of B<x>.
 
@@ -88,6 +93,10 @@ X509_get_signature_info() returns 1 if the signature information
 returned is valid or 0 if the information is not available (e.g.
 unknown algorithms or malformed parameters).
 
+X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an
+error (e.g. null ALGO pointer). X509_REQ_set0_signature does
+not return an error value.
+
 =head1 SEE ALSO
 
 L<d2i_X509(3)>,
@@ -118,6 +127,9 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
 X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
 added in OpenSSL 1.1.0.
 
+The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo()
+were added in OpenSSL 1.1.1e.
+
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 39ca0ba575..e63d043e5f 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -478,6 +478,7 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
                      const void **ppval, const X509_ALGOR *algor);
 void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
 
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
@@ -679,6 +680,8 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
 int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
 void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
                              const X509_ALGOR **palg);
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
 int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 876b7ca710..e16b836eb2 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4587,3 +4587,6 @@ EVP_PKEY_meth_set_digestverify          4540	1_1_1e	EXIST::FUNCTION:
 EVP_PKEY_meth_get_digestverify          4541	1_1_1e	EXIST::FUNCTION:
 EVP_PKEY_meth_get_digestsign            4542	1_1_1e	EXIST::FUNCTION:
 RSA_get0_pss_params                     4543	1_1_1e	EXIST::FUNCTION:RSA
+X509_ALGOR_copy                         4544	1_1_1h	EXIST::FUNCTION:
+X509_REQ_set0_signature                 4545	1_1_1h	EXIST::FUNCTION:
+X509_REQ_set1_signature_algo            4546	1_1_1h	EXIST::FUNCTION:


More information about the openssl-commits mailing list