[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sun Mar 28 06:35:55 UTC 2021
The branch master has been updated
via 7f2fa88519daa1c89b363d0287c4256ac85e2128 (commit)
via e7aa284e68b6436aee9b2f8e2145e783b5fea28d (commit)
via 808c63c5d004cda41290b08bf670628590944733 (commit)
via 239ff7f7690fb68dde6324a29ca337bbd4c5aa7f (commit)
via f0800c7c226c60161b49d832c342453b735984b4 (commit)
from a638fb9413b2fc3e5f9d1de3ff0dcc1ec6c78468 (commit)
- Log -----------------------------------------------------------------
commit 7f2fa88519daa1c89b363d0287c4256ac85e2128
Author: Pauli <pauli at openssl.org>
Date: Fri Mar 26 10:05:08 2021 +1000
doc: fix style problems with this man page
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
commit e7aa284e68b6436aee9b2f8e2145e783b5fea28d
Author: Pauli <pauli at openssl.org>
Date: Thu Mar 25 17:53:57 2021 +1000
Fix X509_PUBKEY_dup() to not leak memory
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
commit 808c63c5d004cda41290b08bf670628590944733
Author: Pauli <pauli at openssl.org>
Date: Thu Mar 25 12:05:54 2021 +1000
test: add test case for X508_PUBKEY_dup() function
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
commit 239ff7f7690fb68dde6324a29ca337bbd4c5aa7f
Author: Pauli <pauli at openssl.org>
Date: Thu Mar 25 11:55:06 2021 +1000
doc: add documentation for the X509_PUBKEY_dup() function
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
commit f0800c7c226c60161b49d832c342453b735984b4
Author: Sahana Prasad <sahana at redhat.com>
Date: Mon Mar 22 11:04:45 2021 +0100
Allocates and initializes pubkey in X509_PUBKEY_dup()
Fixes #14617
Signed-off-by: Sahana Prasad <sahana at redhat.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14642)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x_pubkey.c | 19 ++++++-----
doc/man3/X509_PUBKEY_new.pod | 40 ++++++++++++-----------
test/evp_extra_test.c | 76 +++++++++++++++++++++++++++++++++-----------
3 files changed, 88 insertions(+), 47 deletions(-)
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index b2c8e4c83e..5099f9618a 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -207,21 +207,20 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
*/
X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a)
{
- X509_PUBKEY *pubkey = NULL;
-
- if (!x509_pubkey_ex_new(NULL, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL))
- || !x509_pubkey_set0_libctx(pubkey, a->libctx, a->propq)
- || (pubkey->algor = X509_ALGOR_dup(a->algor)) == NULL
- || (pubkey->public_key = ASN1_BIT_STRING_new()) == NULL
- || !ASN1_BIT_STRING_set(pubkey->public_key,
- a->public_key->data, a->public_key->length)
- || (a->pkey != NULL && !EVP_PKEY_up_ref(a->pkey))) {
+ X509_PUBKEY *pubkey = OPENSSL_zalloc(sizeof(*pubkey));
+
+ if (pubkey == NULL
+ || !x509_pubkey_set0_libctx(pubkey, a->libctx, a->propq)
+ || (pubkey->algor = X509_ALGOR_dup(a->algor)) == NULL
+ || (pubkey->public_key = ASN1_BIT_STRING_new()) == NULL
+ || !ASN1_BIT_STRING_set(pubkey->public_key,
+ a->public_key->data, a->public_key->length)
+ || (a->pkey != NULL && !EVP_PKEY_up_ref(a->pkey))) {
x509_pubkey_ex_free((ASN1_VALUE **)&pubkey,
ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL));
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
return NULL;
}
-
pubkey->pkey = a->pkey;
return pubkey;
}
diff --git a/doc/man3/X509_PUBKEY_new.pod b/doc/man3/X509_PUBKEY_new.pod
index fa6141d682..ea2903237b 100644
--- a/doc/man3/X509_PUBKEY_new.pod
+++ b/doc/man3/X509_PUBKEY_new.pod
@@ -46,14 +46,17 @@ structure defined in RFC5280 and used in certificates and certificate requests.
X509_PUBKEY_new() allocates and initializes an B<X509_PUBKEY> structure.
-X509_PUBKEY_free() frees up B<X509_PUBKEY> structure B<a>. If B<a> is NULL
+X509_PUBKEY_dup() creates a duplicate copy of the B<X509_PUBKEY> object
+specified by I<a>.
+
+X509_PUBKEY_free() frees up B<X509_PUBKEY> structure I<a>. If I<a> is NULL
nothing is done.
-X509_PUBKEY_set() sets the public key in B<*x> to the public key contained
-in the B<EVP_PKEY> structure B<pkey>. If B<*x> is not NULL any existing
+X509_PUBKEY_set() sets the public key in I<*x> to the public key contained
+in the B<EVP_PKEY> structure I<pkey>. If I<*x> is not NULL any existing
public key structure will be freed.
-X509_PUBKEY_get0() returns the public key contained in B<key>. The returned
+X509_PUBKEY_get0() returns the public key contained in I<key>. The returned
value is an internal pointer which B<MUST NOT> be freed after use.
X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference
@@ -74,19 +77,19 @@ d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are
similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a
B<BIO> or B<FILE> pointer.
-X509_PUBKEY_set0_param() sets the public key parameters of B<pub>. The
-OID associated with the algorithm is set to B<aobj>. The type of the
-algorithm parameters is set to B<type> using the structure B<pval>.
-The encoding of the public key itself is set to the B<penclen>
-bytes contained in buffer B<penc>. On success ownership of all the supplied
-parameters is passed to B<pub> so they must not be freed after the
+X509_PUBKEY_set0_param() sets the public key parameters of I<pub>. The
+OID associated with the algorithm is set to I<aobj>. The type of the
+algorithm parameters is set to I<type> using the structure I<pval>.
+The encoding of the public key itself is set to the I<penclen>
+bytes contained in buffer I<penc>. On success ownership of all the supplied
+parameters is passed to I<pub> so they must not be freed after the
call.
-X509_PUBKEY_get0_param() retrieves the public key parameters from B<pub>,
-B<*ppkalg> is set to the associated OID and the encoding consists of
-B<*ppklen> bytes at B<*pk>, B<*pa> is set to the associated
+X509_PUBKEY_get0_param() retrieves the public key parameters from I<pub>,
+I<*ppkalg> is set to the associated OID and the encoding consists of
+I<*ppklen> bytes at I<*pk>, I<*pa> is set to the associated
AlgorithmIdentifier for the public key. If the value of any of these
-parameters is not required it can be set to B<NULL>. All of the
+parameters is not required it can be set to NULL. All of the
retrieved pointers are internal and must not be freed after the
call.
@@ -102,15 +105,14 @@ directly: they will instead call wrapper functions such as X509_get0_pubkey().
=head1 RETURN VALUES
-If the allocation fails, X509_PUBKEY_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)>.
-
-Otherwise it returns a pointer to the newly allocated structure.
+If the allocation fails, X509_PUBKEY_new() and X509_PUBKEY_dup() return
+NULL and set an error code that can be obtained by L<ERR_get_error(3)>.
+Otherwise they return a pointer to the newly allocated structure.
X509_PUBKEY_free() does not return a value.
X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an B<EVP_PKEY>
-structure or B<NULL> if an error occurs.
+structure or NULL if an error occurs.
X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param()
return 1 for success and 0 if an error occurred.
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 45ca43aee1..859ef4cb91 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1856,31 +1856,70 @@ static int test_emptyikm_HKDF(void)
#ifndef OPENSSL_NO_EC
static int test_X509_PUBKEY_inplace(void)
{
- int ret = 0;
- X509_PUBKEY *xp = NULL;
- const unsigned char *p = kExampleECPubKeyDER;
- size_t input_len = sizeof(kExampleECPubKeyDER);
+ int ret = 0;
+ X509_PUBKEY *xp = NULL;
+ const unsigned char *p = kExampleECPubKeyDER;
+ size_t input_len = sizeof(kExampleECPubKeyDER);
- if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
- goto done;
+ if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
+ goto done;
- if (!TEST_ptr(X509_PUBKEY_get0(xp)))
- goto done;
+ if (!TEST_ptr(X509_PUBKEY_get0(xp)))
+ goto done;
- p = kExampleBadECPubKeyDER;
- input_len = sizeof(kExampleBadECPubKeyDER);
+ p = kExampleBadECPubKeyDER;
+ input_len = sizeof(kExampleBadECPubKeyDER);
- if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
- goto done;
+ if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
+ goto done;
- if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
- goto done;
+ if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
+ goto done;
- ret = 1;
+ ret = 1;
-done:
- X509_PUBKEY_free(xp);
- return ret;
+ done:
+ X509_PUBKEY_free(xp);
+ return ret;
+}
+
+static int test_X509_PUBKEY_dup(void)
+{
+ int ret = 0;
+ X509_PUBKEY *xp = NULL, *xq = NULL;
+ const unsigned char *p = kExampleECPubKeyDER;
+ size_t input_len = sizeof(kExampleECPubKeyDER);
+
+ if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))
+ || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
+ || !TEST_ptr_ne(xp, xq))
+ goto done;
+
+ if (!TEST_ptr(X509_PUBKEY_get0(xq))
+ || !TEST_ptr(X509_PUBKEY_get0(xp))
+ || !TEST_ptr_eq(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
+ goto done;
+
+ X509_PUBKEY_free(xq);
+ xq = NULL;
+ p = kExampleBadECPubKeyDER;
+ input_len = sizeof(kExampleBadECPubKeyDER);
+
+ if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
+ || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
+ goto done;
+
+ X509_PUBKEY_free(xp);
+ xp = NULL;
+ if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
+ goto done;
+
+ ret = 1;
+
+ done:
+ X509_PUBKEY_free(xp);
+ X509_PUBKEY_free(xq);
+ return ret;
}
#endif /* OPENSSL_NO_EC */
@@ -2703,6 +2742,7 @@ int setup_tests(void)
ADD_TEST(test_emptyikm_HKDF);
#ifndef OPENSSL_NO_EC
ADD_TEST(test_X509_PUBKEY_inplace);
+ ADD_TEST(test_X509_PUBKEY_dup);
ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
OSSL_NELEM(ec_der_pub_keys));
#endif
More information about the openssl-commits
mailing list