Add setter equivalents to X509_REQ_get0_signature

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from #10563)
openssl · Apr 21, 2020 · c72e593 · c72e593
1 parent 1269a9a
commit c72e593
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 6 deletions.
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
@@ -92,3 +92,31 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
         return 0;
     return ASN1_TYPE_cmp(a->parameter, b->parameter);
 }
+
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
+{
+    if (src == NULL || dest == NULL)
+	return 0;
+
+    if (dest->algorithm)
+         ASN1_OBJECT_free(dest->algorithm);
+    dest->algorithm = NULL;
+
+    if (dest->parameter)
+        ASN1_TYPE_free(dest->parameter);
+    dest->parameter = NULL;
+
+    if (src->algorithm)
+        if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
+	    return 0;
+
+    if (src->parameter)
+        /* Assuming this is also correct for a BOOL.
+         * set does copy as a side effect.
+         */
+        if (ASN1_TYPE_set1(dest->parameter, 
+              src->parameter->type, src->parameter->value.ptr) == 0)
+	    return 0;
+
+    return 1;
+}
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
@@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
         *palg = &req->sig_alg;
 }
 
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
+{
+    if (req->signature)
+           ASN1_BIT_STRING_free(req->signature);
+    req->signature = psig;
+}
+
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg)
+{
+    return X509_ALGOR_copy(&req->sig_alg, palg);
+}
+
 int X509_REQ_get_signature_nid(const X509_REQ *req)
 {
     return OBJ_obj2nid(req->sig_alg.algorithm);

diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions
+X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy - AlgorithmIdentifier functions
 
 =head1 SYNOPSIS
 
@@ -14,6 +14,7 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_
                       const void **ppval, const X509_ALGOR *alg);
  void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
  int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
 
 =head1 DESCRIPTION
 
@@ -36,18 +37,25 @@ values for the message digest B<md>.
 X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
 encodings and nonzero otherwise.
 
+X509_ALGOR_copy() copies the source values into the dest structs; making
+a duplicate of each (and free any thing pointed to from within *dest).
+
 =head1 RETURN VALUES
 
 X509_ALGOR_dup() returns a valid B<X509_ALGOR> structure or NULL if an error
 occurred.
 
-X509_ALGOR_set0() returns 1 on success or 0 on error.
+X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error.
 
 X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.
 
 X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and
 nonzero otherwise.
 
+=head1 HISTORY
+
+The X509_ALGOR_copy() was added in 1.1.1e.
+
 =head1 COPYRIGHT
 
 Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod
@@ -2,10 +2,10 @@
 
 =head1 NAME
 
-X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
-X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
-X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
-X509_SIG_INFO_set - signature information
+X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
+X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, 
+X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, 
+X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information
 
 =head1 SYNOPSIS
 
@@ -14,6 +14,8 @@ X509_SIG_INFO_set - signature information
  void X509_get0_signature(const ASN1_BIT_STRING **psig,
                           const X509_ALGOR **palg,
                           const X509 *x);
+ void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+ int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
  int X509_get_signature_nid(const X509 *x);
  const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 
@@ -41,6 +43,9 @@ X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
 to the signature algorithm of B<x>. The values returned are internal
 pointers which B<MUST NOT> be freed up after the call.
 
+X509_set0_signature() and X509_REQ_set1_signature_algo() are the
+equivalent setters for the two values of X509_get0_signature().
+
 X509_get0_tbs_sigalg() returns the signature algorithm in the signed
 portion of B<x>.
 
@@ -88,6 +93,10 @@ X509_get_signature_info() returns 1 if the signature information
 returned is valid or 0 if the information is not available (e.g.
 unknown algorithms or malformed parameters).
 
+X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an
+error (e.g. null ALGO pointer). X509_REQ_set0_signature does
+not return an error value.
+
 =head1 SEE ALSO
 
 L<d2i_X509(3)>,
@@ -118,6 +127,9 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
 X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
 added in OpenSSL 1.1.0.
 
+The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo()
+were added in OpenSSL 1.1.1e.
+
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -500,6 +500,7 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
                      const void **ppval, const X509_ALGOR *algor);
 void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
 
 DECLARE_ASN1_DUP_FUNCTION(X509_NAME)
 DECLARE_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
@@ -707,6 +708,8 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); /* TODO change to get
 int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name);
 void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
                              const X509_ALGOR **palg);
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
 int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);

diff --git a/util/libcrypto.num b/util/libcrypto.num
@@ -5074,3 +5074,6 @@ EVP_PKEY_CTX_set_dh_rfc5114             ?	3_0_0	EXIST::FUNCTION:DH
 EVP_PKEY_CTX_set_dhx_rfc5114            ?	3_0_0	EXIST::FUNCTION:DH
 X509_verify_ex                          ?	3_0_0	EXIST::FUNCTION:
 X509_REQ_verify_ex                      ?	3_0_0	EXIST::FUNCTION:
+X509_ALGOR_copy                         ?	3_0_0	EXIST::FUNCTION:
+X509_REQ_set0_signature                 ?	3_0_0	EXIST::FUNCTION:
+X509_REQ_set1_signature_algo            ?	3_0_0	EXIST::FUNCTION: