Browse Source

Embed various signature algorithms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
master
Dr. Stephen Henson 7 years ago
parent
commit
6e63c142f2
14 changed files with 43 additions and 45 deletions
  1. +3
    -3
      crypto/asn1/t_crl.c
  2. +1
    -1
      crypto/asn1/t_req.c
  3. +1
    -1
      crypto/asn1/t_spki.c
  4. +2
    -2
      crypto/asn1/t_x509.c
  5. +3
    -3
      crypto/asn1/x_crl.c
  6. +1
    -1
      crypto/asn1/x_req.c
  7. +1
    -1
      crypto/asn1/x_spki.c
  8. +5
    -6
      crypto/asn1/x_x509.c
  9. +3
    -3
      crypto/include/internal/x509_int.h
  10. +1
    -1
      crypto/x509/x509_cmp.c
  11. +1
    -1
      crypto/x509/x509_set.c
  12. +2
    -2
      crypto/x509/x509cset.c
  13. +14
    -14
      crypto/x509/x_all.c
  14. +5
    -6
      include/openssl/x509.h

+ 3
- 3
crypto/asn1/t_crl.c View File

@ -94,8 +94,8 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
i = OBJ_obj2nid(x->sig_alg->algorithm);
X509_signature_print(out, x->sig_alg, NULL);
i = OBJ_obj2nid(x->sig_alg.algorithm);
X509_signature_print(out, &x->sig_alg, NULL);
p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
BIO_printf(out, "%8sIssuer: %s\n", "", p);
OPENSSL_free(p);
@ -127,7 +127,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
X509V3_extensions_print(out, "CRL entry extensions",
r->extensions, 0, 8);
}
X509_signature_print(out, x->sig_alg, x->signature);
X509_signature_print(out, &x->sig_alg, x->signature);
return 1;


+ 1
- 1
crypto/asn1/t_req.c View File

@ -227,7 +227,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
}
if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
if (!X509_signature_print(bp, x->sig_alg, x->signature))
if (!X509_signature_print(bp, &x->sig_alg, x->signature))
goto err;
}


+ 1
- 1
crypto/asn1/t_spki.c View File

@ -91,7 +91,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
chal = spki->spkac->challenge;
if (chal->length)
BIO_printf(out, " Challenge String: %s\n", chal->data);
i = OBJ_obj2nid(spki->sig_algor->algorithm);
i = OBJ_obj2nid(spki->sig_algor.algorithm);
BIO_printf(out, " Signature Algorithm: %s",
(i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));


+ 2
- 2
crypto/asn1/t_x509.c View File

@ -170,7 +170,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
}
if (!(cflag & X509_FLAG_NO_SIGNAME)) {
if (X509_signature_print(bp, ci->signature, NULL) <= 0)
if (X509_signature_print(bp, &ci->signature, NULL) <= 0)
goto err;
}
@ -246,7 +246,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
ci->extensions, cflag, 8);
if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
if (X509_signature_print(bp, &x->sig_alg, x->signature) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_AUX)) {


+ 3
- 3
crypto/asn1/x_crl.c View File

@ -115,7 +115,7 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR),
ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
@ -332,7 +332,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR),
ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
@ -394,7 +394,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
{
return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
crl->sig_alg, crl->signature, &crl->crl, r));
&crl->sig_alg, crl->signature, &crl->crl, r));
}
static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,


+ 1
- 1
crypto/asn1/x_req.c View File

@ -108,7 +108,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO),
ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR),
ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)


+ 1
- 1
crypto/asn1/x_spki.c View File

@ -75,7 +75,7 @@ IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
ASN1_SEQUENCE(NETSCAPE_SPKI) = {
ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(NETSCAPE_SPKI)


+ 5
- 6
crypto/asn1/x_x509.c View File

@ -66,7 +66,7 @@
ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
ASN1_EMBED(X509_CINF, signature, X509_ALGOR),
ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
ASN1_EMBED(X509_CINF, validity, X509_VAL),
ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
@ -133,7 +133,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
ASN1_EMBED(X509, cert_info, X509_CINF),
ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
ASN1_EMBED(X509, sig_alg, X509_ALGOR),
ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509, X509)
@ -213,16 +213,15 @@ int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
return i2d_X509_CINF(&x->cert_info, pp);
}
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509 *x)
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x)
{
if (psig)
*psig = x->signature;
if (palg)
*palg = x->sig_alg;
*palg = &x->sig_alg;
}
int X509_get_signature_nid(const X509 *x)
{
return OBJ_obj2nid(x->sig_alg->algorithm);
return OBJ_obj2nid(x->sig_alg.algorithm);
}

+ 3
- 3
crypto/include/internal/x509_int.h View File

@ -101,14 +101,14 @@ struct X509_req_info_st {
struct X509_req_st {
X509_REQ_INFO req_info;
X509_ALGOR *sig_alg;
X509_ALGOR sig_alg;
ASN1_BIT_STRING *signature;
int references;
};
struct X509_crl_info_st {
ASN1_INTEGER *version;
X509_ALGOR *sig_alg;
X509_ALGOR sig_alg;
X509_NAME *issuer;
ASN1_TIME *lastUpdate;
ASN1_TIME *nextUpdate;
@ -120,7 +120,7 @@ struct X509_crl_info_st {
struct X509_crl_st {
/* actual signature */
X509_CRL_INFO crl;
X509_ALGOR *sig_alg;
X509_ALGOR sig_alg;
ASN1_BIT_STRING *signature;
int references;
int flags;


+ 1
- 1
crypto/x509/x509_cmp.c View File

@ -456,7 +456,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
int sign_nid;
if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
return X509_V_OK;
sign_nid = OBJ_obj2nid(crl->crl.sig_alg->algorithm);
sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm);
return check_suite_b(pk, sign_nid, &flags);
}


+ 1
- 1
crypto/x509/x509_set.c View File

@ -173,7 +173,7 @@ ASN1_TIME *X509_get_notAfter(X509 *x)
int X509_get_signature_type(const X509 *x)
{
return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg->algorithm));
return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm));
}
X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)


+ 2
- 2
crypto/x509/x509cset.c View File

@ -164,12 +164,12 @@ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
}
void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509_CRL *crl)
X509_CRL *crl)
{
if (psig)
*psig = crl->signature;
if (palg)
*palg = crl->sig_alg;
*palg = &crl->sig_alg;
}
int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)


+ 14
- 14
crypto/x509/x_all.c View File

@ -74,37 +74,37 @@
int X509_verify(X509 *a, EVP_PKEY *r)
{
if (X509_ALGOR_cmp(a->sig_alg, a->cert_info.signature))
if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
return 0;
return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
a->signature, &a->cert_info, r));
}
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
{
return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
a->sig_alg, a->signature, &a->req_info, r));
&a->sig_alg, a->signature, &a->req_info, r));
}
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
{
return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
a->sig_algor, a->signature, a->spkac, r));
&a->sig_algor, a->signature, a->spkac, r));
}
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
x->cert_info.enc.modified = 1;
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info.signature,
x->sig_alg, x->signature, &x->cert_info, pkey, md));
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
&x->sig_alg, x->signature, &x->cert_info, pkey, md));
}
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
x->cert_info.enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
x->cert_info.signature,
x->sig_alg, x->signature, &x->cert_info, ctx);
&x->cert_info.signature,
&x->sig_alg, x->signature, &x->cert_info, ctx);
}
int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
@ -115,29 +115,29 @@ int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL,
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
x->signature, &x->req_info, pkey, md));
}
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
{
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
x->sig_alg, NULL, x->signature, &x->req_info,
&x->sig_alg, NULL, x->signature, &x->req_info,
ctx);
}
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
x->crl.enc.modified = 1;
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl.sig_alg,
x->sig_alg, x->signature, &x->crl, pkey, md));
return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
&x->sig_alg, x->signature, &x->crl, pkey, md));
}
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
x->crl.enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
x->crl.sig_alg, x->sig_alg, x->signature,
&x->crl.sig_alg, &x->sig_alg, x->signature,
&x->crl, ctx);
}
@ -150,7 +150,7 @@ int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
x->signature, x->spkac, pkey, md));
}


+ 5
- 6
include/openssl/x509.h View File

@ -167,7 +167,7 @@ typedef struct X509_req_st X509_REQ;
typedef struct x509_cinf_st {
ASN1_INTEGER *version; /* [ 0 ] default of v1 */
ASN1_INTEGER *serialNumber;
X509_ALGOR *signature;
X509_ALGOR signature;
X509_NAME *issuer;
X509_VAL validity;
X509_NAME *subject;
@ -182,7 +182,7 @@ typedef struct x509_cert_aux_st X509_CERT_AUX;
struct x509_st {
X509_CINF cert_info;
X509_ALGOR *sig_alg;
X509_ALGOR sig_alg;
ASN1_BIT_STRING *signature;
int valid;
int references;
@ -375,7 +375,7 @@ typedef struct Netscape_spkac_st {
typedef struct Netscape_spki_st {
NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
X509_ALGOR *sig_algor;
X509_ALGOR sig_algor;
ASN1_BIT_STRING *signature;
} NETSCAPE_SPKI;
@ -666,8 +666,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509 *x);
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x);
int X509_get_signature_nid(const X509 *x);
int X509_alias_set1(X509 *x, unsigned char *name, int len);
@ -793,7 +792,7 @@ ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509_CRL *crl);
X509_CRL *crl);
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);


Loading…
Cancel
Save