[openssl] master update

dev at ddvo.net dev at ddvo.net
Tue May 26 07:48:20 UTC 2020


The branch master has been updated
       via  93f99b681ab5a1cf7062053323e09b0cad5ff854 (commit)
       via  7674e92324648b59786d86d8e9014bbaed4e6d07 (commit)
      from  5606922c3d2e8c3d3ffda4347cb9fe3992d75f89 (commit)


- Log -----------------------------------------------------------------
commit 93f99b681ab5a1cf7062053323e09b0cad5ff854
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Thu May 21 10:37:22 2020 +0200

    Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it
    
    Fixes #11870
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11894)

commit 7674e92324648b59786d86d8e9014bbaed4e6d07
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sun May 24 18:28:06 2020 +0200

    Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11894)

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/ameth_lib.c           |  2 +-
 crypto/crmf/crmf_lib.c            | 21 +--------------------
 crypto/dh/dh_ameth.c              |  2 +-
 crypto/dsa/dsa_ameth.c            |  2 +-
 crypto/ec/ec_ameth.c              |  2 +-
 crypto/ec/ecx_meth.c              |  2 +-
 crypto/rsa/rsa_ameth.c            |  2 +-
 crypto/x509/x_pubkey.c            | 31 ++++++++++++++++++++++++++-----
 doc/man3/EVP_PKEY_ASN1_METHOD.pod |  2 +-
 doc/man3/X509_PUBKEY_new.pod      | 19 ++++++++++++++-----
 include/crypto/asn1.h             |  2 +-
 include/openssl/evp.h             |  2 +-
 include/openssl/x509.h            |  7 ++++---
 util/libcrypto.num                |  1 +
 14 files changed, 55 insertions(+), 42 deletions(-)

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index a006c7624d..8c7df51fe4 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -277,7 +277,7 @@ void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
 
 void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
                               int (*pub_decode) (EVP_PKEY *pk,
-                                                 X509_PUBKEY *pub),
+                                                 const X509_PUBKEY *pub),
                               int (*pub_encode) (X509_PUBKEY *pub,
                                                  const EVP_PKEY *pk),
                               int (*pub_cmp) (const EVP_PKEY *a,
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index 89eb2c3775..c20a6da0f2 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -461,25 +461,6 @@ int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
     return 0;
 }
 
-/* returns 0 for equal, -1 for a < b or error on a, 1 for a > b or error on b */
-static int X509_PUBKEY_cmp(X509_PUBKEY *a, X509_PUBKEY *b)
-{
-    X509_ALGOR *algA = NULL, *algB = NULL;
-    int res = 0;
-
-    if (a == b)
-        return 0;
-    if (a == NULL || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a)
-            || algA == NULL)
-        return -1;
-    if (b == NULL || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b)
-            || algB == NULL)
-        return 1;
-    if ((res = X509_ALGOR_cmp(algA, algB)) != 0)
-        return res;
-    return EVP_PKEY_cmp(X509_PUBKEY_get0(a), X509_PUBKEY_get0(b));
-}
-
 /* verifies the Proof-of-Possession of the request with the given rid in reqs */
 int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified)
@@ -522,7 +503,7 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                 CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY);
                 return 0;
             }
-            if (X509_PUBKEY_cmp(pubkey, sig->poposkInput->publicKey) != 0) {
+            if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) {
                 CRMFerr(0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY);
                 return 0;
             }
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index e76b655f40..d93d519444 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -52,7 +52,7 @@ static void int_dh_free(EVP_PKEY *pkey)
     DH_free(pkey->pkey.dh);
 }
 
-static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+static int dh_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
 {
     const unsigned char *p, *pm;
     int pklen, pmlen;
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index f74b50ee9c..651b463235 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -27,7 +27,7 @@
 #include "internal/ffc.h"
 #include "dsa_local.h"
 
-static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+static int dsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
 {
     const unsigned char *p, *pm;
     int pklen, pmlen;
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index cac0b682f9..6ccaef3815 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -141,7 +141,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval)
     return NULL;
 }
 
-static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
 {
     const unsigned char *p = NULL;
     const void *pval;
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index eedb1c9259..8b63e6918d 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -126,7 +126,7 @@ static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
     return 1;
 }
 
-static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+static int ecx_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
 {
     const unsigned char *p;
     int pklen;
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index e9eddde68e..6628e38342 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -101,7 +101,7 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
     return 0;
 }
 
-static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+static int rsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
 {
     const unsigned char *p;
     int pklen;
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index d3e6af2552..14893adb2f 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -30,7 +30,7 @@ struct X509_pubkey_st {
     EVP_PKEY *pkey;
 };
 
-static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key);
+static int x509_pubkey_decode(EVP_PKEY **pk, const X509_PUBKEY *key);
 
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -151,7 +151,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
  */
 
 
-static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
+static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key)
 {
     EVP_PKEY *pkey = EVP_PKEY_new();
 
@@ -188,7 +188,7 @@ static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
     return 0;
 }
 
-EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
+EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key)
 {
     EVP_PKEY *ret = NULL;
 
@@ -216,7 +216,7 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
     return NULL;
 }
 
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key)
 {
     EVP_PKEY *ret = X509_PUBKEY_get0(key);
 
@@ -453,7 +453,7 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
 
 int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
                            const unsigned char **pk, int *ppklen,
-                           X509_ALGOR **pa, X509_PUBKEY *pub)
+                           X509_ALGOR **pa, const X509_PUBKEY *pub)
 {
     if (ppkalg)
         *ppkalg = pub->algor->algorithm;
@@ -472,3 +472,24 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
         return NULL;
     return x->cert_info.key->public_key;
 }
+
+/* Returns 1 for equal, 0, for non-equal, < 0 on error */
+int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b)
+{
+    X509_ALGOR *algA, *algB;
+    EVP_PKEY *pA, *pB;
+
+    if (a == b)
+        return 1;
+    if (a == NULL || b == NULL)
+        return 0;
+    if (!X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a) || algA == NULL
+        || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b) || algB == NULL)
+        return -2;
+    if (X509_ALGOR_cmp(algA, algB) != 0)
+        return 0;
+    if ((pA = X509_PUBKEY_get0(a)) == NULL
+        || (pB = X509_PUBKEY_get0(b)) == NULL)
+        return -2;
+    return EVP_PKEY_cmp(pA, pB);
+}
diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod
index ed44749cc2..989008db07 100644
--- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod
+++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod
@@ -43,7 +43,7 @@ EVP_PKEY_get0_asn1
 
  void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
                                int (*pub_decode) (EVP_PKEY *pk,
-                                                  X509_PUBKEY *pub),
+                                                  const X509_PUBKEY *pub),
                                int (*pub_encode) (X509_PUBKEY *pub,
                                                   const EVP_PKEY *pk),
                                int (*pub_cmp) (const EVP_PKEY *a,
diff --git a/doc/man3/X509_PUBKEY_new.pod b/doc/man3/X509_PUBKEY_new.pod
index 551031b82b..60d1cd390e 100644
--- a/doc/man3/X509_PUBKEY_new.pod
+++ b/doc/man3/X509_PUBKEY_new.pod
@@ -5,8 +5,8 @@
 X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup,
 X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get,
 d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp,
-i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param,
-X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions
+i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param,
+X509_PUBKEY_eq - SubjectPublicKeyInfo public key functions
 
 =head1 SYNOPSIS
 
@@ -17,8 +17,8 @@ X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions
  X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a);
 
  int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
- EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
- EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+ EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key);
+ EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key);
 
  EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
  int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp);
@@ -34,7 +34,8 @@ X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions
                             unsigned char *penc, int penclen);
  int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
                             const unsigned char **pk, int *ppklen,
-                            X509_ALGOR **pa, X509_PUBKEY *pub);
+                            X509_ALGOR **pa, const X509_PUBKEY *pub);
+ int X509_PUBKEY_eq(X509_PUBKEY *a, X509_PUBKEY *b);
 
 =head1 DESCRIPTION
 
@@ -81,6 +82,8 @@ parameters is not required it can be set to B<NULL>. All of the
 retrieved pointers are internal and must not be freed after the
 call.
 
+X509_PUBKEY_eq() compares two B<X509_PUBKEY> values.
+
 =head1 NOTES
 
 The B<X509_PUBKEY> functions can be used to encode and decode public keys
@@ -104,12 +107,18 @@ structure or B<NULL> if an error occurs.
 X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param()
 return 1 for success and 0 if an error occurred.
 
+X509_PUBKEY_eq() returns 1 for equal, 0 for different, and < 0 on error.
+
 =head1 SEE ALSO
 
 L<d2i_X509(3)>,
 L<ERR_get_error(3)>,
 L<X509_get_pubkey(3)>,
 
+=head1 HISTORY
+
+The X509_PUBKEY_eq() function was added in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index aaf091f8a5..d3683649bc 100644
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -19,7 +19,7 @@ struct evp_pkey_asn1_method_st {
     unsigned long pkey_flags;
     char *pem_str;
     char *info;
-    int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+    int (*pub_decode) (EVP_PKEY *pk, const X509_PUBKEY *pub);
     int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
     int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
     int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 0d5ce07f31..3d2e161549 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1306,7 +1306,7 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
 void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
 void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
                               int (*pub_decode) (EVP_PKEY *pk,
-                                                 X509_PUBKEY *pub),
+                                                 const X509_PUBKEY *pub),
                               int (*pub_encode) (X509_PUBKEY *pub,
                                                  const EVP_PKEY *pk),
                               int (*pub_cmp) (const EVP_PKEY *a,
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index d709c53ced..b0e33d5286 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -519,8 +519,8 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL)
 DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
 
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key);
+EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key);
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
 long X509_get_pathlen(X509 *x);
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY)
@@ -1052,7 +1052,8 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                            unsigned char *penc, int penclen);
 int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
                            const unsigned char **pk, int *ppklen,
-                           X509_ALGOR **pa, X509_PUBKEY *pub);
+                           X509_ALGOR **pa, const X509_PUBKEY *pub);
+int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b);
 
 int X509_check_trust(X509 *x, int id, int flags);
 int X509_TRUST_get_count(void);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index aea01e55fa..724d5038de 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5094,3 +5094,4 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ?	3_0_0	EXIST::FUNCTION:RSA
 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ?	3_0_0	EXIST::FUNCTION:RSA
 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ?	3_0_0	EXIST::FUNCTION:RSA
 OSSL_PROVIDER_do_all                    ?	3_0_0	EXIST::FUNCTION:
+X509_PUBKEY_eq                          ?	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list