diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 94c2aa3a2b211..52558d80c7838 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -92,3 +92,31 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
 return 0;
 return ASN1_TYPE_cmp(a->parameter, b->parameter);
 }
+
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
+{
+ if (src == NULL || dest == NULL)
+ return 0;
+
+ if (dest->algorithm)
+ ASN1_OBJECT_free(dest->algorithm);
+ dest->algorithm = NULL;
+
+ if (dest->parameter)
+ ASN1_TYPE_free(dest->parameter);
+ dest->parameter = NULL;
+
+ if (src->algorithm)
+ if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
+ return 0;
+
+ if (src->parameter)
+ /* Assuming this is also correct for a BOOL.
+ * set does copy as a side effect.
+ */
+ if (ASN1_TYPE_set1(dest->parameter,
+ src->parameter->type, src->parameter->value.ptr) == 0)
+ return 0;
+
+ return 1;
+}
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 9382f37a8a467..9e846d5948ecc 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
 *palg = &req->sig_alg;
 }
 
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
+{
+ if (req->signature)
+ ASN1_BIT_STRING_free(req->signature);
+ req->signature = psig;
+}
+
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg)
+{
+ return X509_ALGOR_copy(&req->sig_alg, palg);
+}
+
 int X509_REQ_get_signature_nid(const X509_REQ *req)
 {
 return OBJ_obj2nid(req->sig_alg.algorithm);
diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod
index 824694fbccf22..3fb5a9f0cd581 100644
--- a/doc/man3/X509_ALGOR_dup.pod
+++ b/doc/man3/X509_ALGOR_dup.pod
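Review bot: In X509_ALGOR_copy() (crypto/asn1/x_algor.c) the parameter copy can never land in dest: `dest->parameter` is set to NULL a few lines earlier and is then passed by value to `ASN1_TYPE_set1()`, so the call receives a NULL target and has no way to store a new ASN1_TYPE back into dest. Whenever src carries parameters this is at best a silently dropped parameter in the copied AlgorithmIdentifier and, more likely, a NULL dereference inside the setter. Allocate the target before the call, as in the fence below. The function also frees dest's members before duplicating src's, so `dest == src` would read freed memory and any failure leaves dest emptied; an early `if (dest == src) return 1;` would cover the aliasing case.

```c
    if (src->parameter) {
        dest->parameter = ASN1_TYPE_new();
        if (dest->parameter == NULL)
            return 0;
        /* … unchanged: BOOL comment and the ASN1_TYPE_set1() call … */
    }
```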
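Review bot: In crypto/x509/x509_req.c, X509_REQ_set1_signature_algo() returns the result of X509_ALGOR_copy(), which is 1 on success and 0 on error, but the X509_get0_signature.pod text added in the same commit says it "returns 0 on success; or 1 on an error". A caller written from the manual page would treat a failed copy as success and carry on with a request whose `sig_alg` may already have been cleared. The pod sentence should be corrected, and the contract pinned at the definition with `/* Returns 1 on success, 0 on error (as X509_ALGOR_copy()). */`. Separately, X509_REQ_set0_signature() frees `req->signature` before storing `psig` without checking that the two differ, so `if (req->signature != psig) ASN1_BIT_STRING_free(req->signature);` would avoid leaving a dangling pointer when a caller hands back the request's own signature.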
@@ -2,7 +2,7 @@ =head1 NAME -X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions +X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy - AlgorithmIdentifier functions =head1 SYNOPSIS @@ -14,6 +14,7 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_ const void **ppval, const X509_ALGOR *alg); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); =head1 DESCRIPTION @@ -36,18 +37,25 @@ values for the message digest B. X509_ALGOR_cmp() compares B and B and returns 0 if they have identical encodings and nonzero otherwise. +X509_ALGOR_copy() copies the source values into the dest structs; making +a duplicate of each (and free any thing pointed to from within *dest). + =head1 RETURN VALUES X509_ALGOR_dup() returns a valid B structure or NULL if an error occurred. -X509_ALGOR_set0() returns 1 on success or 0 on error. +X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error. X509_ALGOR_get0() and X509_ALGOR_set_md() return no values. X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and nonzero otherwise. +=head1 HISTORY + +The X509_ALGOR_copy() was added in 1.1.1e. + =head1 COPYRIGHT Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod index eb3ebd1c417ff..94842a1f7982c 100644 --- a/doc/man3/X509_get0_signature.pod +++ b/doc/man3/X509_get0_signature.pod 
@@ -2,10 +2,10 @@ =head1 NAME -X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, -X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, -X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, -X509_SIG_INFO_set - signature information +X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, +X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, +X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, +X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information =head1 SYNOPSIS @@ -14,6 +14,8 @@ X509_SIG_INFO_set - signature information void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); + void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); + int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); int X509_get_signature_nid(const X509 *x); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); @@ -41,6 +43,9 @@ X509_get0_signature() sets B<*psig> to the signature of B and B<*palg> to the signature algorithm of B. The values returned are internal pointers which B be freed up after the call. +X509_set0_signature() and X509_REQ_set1_signature_algo() are the +equivalent setters for the two values of X509_get0_signature(). + X509_get0_tbs_sigalg() returns the signature algorithm in the signed portion of B. @@ -88,6 +93,10 @@ X509_get_signature_info() returns 1 if the signature information returned is valid or 0 if the information is not available (e.g. unknown algorithms or malformed parameters). +X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an +error (e.g. null ALGO pointer). X509_REQ_set0_signature does +not return an error value. + =head1 SEE ALSO L, 
@@ -118,6 +127,9 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0. +The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() +were added in OpenSSL 1.1.1e. + =head1 COPYRIGHT Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 19ff55f46d2a5..861a26dce50af 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -500,6 +500,7 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); DECLARE_ASN1_DUP_FUNCTION(X509_NAME) DECLARE_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) @@ -707,6 +708,8 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); /* TODO change to get int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); +void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); +int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); int X509_REQ_get_signature_nid(const X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); diff --git a/util/libcrypto.num b/util/libcrypto.num index bf5eb90f2c703..10220076621f6 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5074,3 +5074,6 @@ EVP_PKEY_CTX_set_dh_rfc5114 ? 3_0_0 EXIST::FUNCTION:DH EVP_PKEY_CTX_set_dhx_rfc5114 ? 3_0_0 EXIST::FUNCTION:DH X509_verify_ex ? 3_0_0 EXIST::FUNCTION: X509_REQ_verify_ex ? 3_0_0 EXIST::FUNCTION: +X509_ALGOR_copy ? 3_0_0 EXIST::FUNCTION: +X509_REQ_set0_signature ? 3_0_0 EXIST::FUNCTION: +X509_REQ_set1_signature_algo ? 3_0_0 EXIST::FUNCTION:
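Review bot: In include/openssl/x509.h the new prototype `int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);` takes a mutable `palg`, although the definition in x509_req.c only forwards it to X509_ALGOR_copy(), whose source argument is const. Declaring it `const X509_ALGOR *palg` in both places would let callers pass the const pointer they get from X509_REQ_get0_signature() without a cast. Neither new prototype says who owns the arguments; a one-line comment such as `/* set0 takes ownership of psig; set1 copies palg */` above them would spell out what the names imply.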