diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index 51841c05c942f2b57cbf884f2a8feaa9bf4d5253..a76e1125e8fdaecb6c05735e0d1274cb3e4bcf1e 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -94,8 +94,8 @@ int X509_CRL_print(BIO *out, X509_CRL *x) BIO_printf(out, "Certificate Revocation List (CRL):\n"); l = X509_CRL_get_version(x); BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l); - i = OBJ_obj2nid(x->sig_alg->algorithm); - X509_signature_print(out, x->sig_alg, NULL); + i = OBJ_obj2nid(x->sig_alg.algorithm); + X509_signature_print(out, &x->sig_alg, NULL); p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); BIO_printf(out, "%8sIssuer: %s\n", "", p); OPENSSL_free(p); @@ -127,7 +127,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) X509V3_extensions_print(out, "CRL entry extensions", r->extensions, 0, 8); } - X509_signature_print(out, x->sig_alg, x->signature); + X509_signature_print(out, &x->sig_alg, x->signature); return 1; diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index d9966a3848402e10d39b3bdd50f53dd4f9a2bb0d..8ea350d7a30247547e51a3e6ac15189cc5ef4376 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -227,7 +227,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, } if (!(cflag & X509_FLAG_NO_SIGDUMP)) { - if (!X509_signature_print(bp, x->sig_alg, x->signature)) + if (!X509_signature_print(bp, &x->sig_alg, x->signature)) goto err; } diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index 46914f900f06d6c8e91ed57dcc9d39e535733a91..c49f1c7dd27de12237d586b6e5b00dc08dff3dff 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -91,7 +91,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) chal = spki->spkac->challenge; if (chal->length) BIO_printf(out, " Challenge String: %s\n", chal->data); - i = OBJ_obj2nid(spki->sig_algor->algorithm); + i = OBJ_obj2nid(spki->sig_algor.algorithm); BIO_printf(out, " Signature Algorithm: %s", (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index cebf4413637427253a14c3b284823a42d865acee..17afeb92a43302b990e39179ef7c6e502bc6e8e8 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -170,7 +170,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, } if (!(cflag & X509_FLAG_NO_SIGNAME)) { - if (X509_signature_print(bp, ci->signature, NULL) <= 0) + if (X509_signature_print(bp, &ci->signature, NULL) <= 0) goto err; } @@ -246,7 +246,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, ci->extensions, cflag, 8); if (!(cflag & X509_FLAG_NO_SIGDUMP)) { - if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) + if (X509_signature_print(bp, &x->sig_alg, x->signature) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_AUX)) { diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 14ba3273b58d017d66cb73af58d7768a54ef7538..36b5177c8fd25de883eeeb2bbce9303ccfb6a3b1 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -115,7 +115,7 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), + ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), @@ -332,7 +332,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO), - ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), + ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) @@ -394,7 +394,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) { return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), - crl->sig_alg, crl->signature, &crl->crl, r)); + &crl->sig_alg, crl->signature, &crl->crl, r)); } static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c index bd07d726272dd84fe55d8e2cea3e4aafd1d41941..b2d14e72235934931a46fb41e8b01cf6b1e0fcf3 100644 --- a/crypto/asn1/x_req.c +++ b/crypto/asn1/x_req.c @@ -108,7 +108,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = { ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO), - ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), + ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c index 88625655f16393fade4c0b42280c4b9efb6f1d9b..a2b20fbba7692f84f9f14a068bbca07172b7019e 100644 --- a/crypto/asn1/x_spki.c +++ b/crypto/asn1/x_spki.c @@ -75,7 +75,7 @@ IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC) ASN1_SEQUENCE(NETSCAPE_SPKI) = { ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), - ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), + ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR), ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(NETSCAPE_SPKI) diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 76dfa35796e143b606f20a21bce730492bc2385c..112e63c4b6e04a517830fd5f996f3aae4f77328d 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -66,7 +66,7 @@ ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), - ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), + ASN1_EMBED(X509_CINF, signature, X509_ALGOR), ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), ASN1_EMBED(X509_CINF, validity, X509_VAL), ASN1_SIMPLE(X509_CINF, subject, X509_NAME), @@ -133,7 +133,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { ASN1_EMBED(X509, cert_info, X509_CINF), - ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), + ASN1_EMBED(X509, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END_ref(X509, X509) @@ -213,16 +213,15 @@ int i2d_re_X509_tbs(X509 *x, unsigned char **pp) return i2d_X509_CINF(&x->cert_info, pp); } -void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, - const X509 *x) +void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x) { if (psig) *psig = x->signature; if (palg) - *palg = x->sig_alg; + *palg = &x->sig_alg; } int X509_get_signature_nid(const X509 *x) { - return OBJ_obj2nid(x->sig_alg->algorithm); + return OBJ_obj2nid(x->sig_alg.algorithm); } diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index 96c15e3c90ca53c1ca1d0a0b892edbb3c043fda7..d9147aea3b1546583b8cfb52b247ac3f3f273385 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h @@ -101,14 +101,14 @@ struct X509_req_info_st { struct X509_req_st { X509_REQ_INFO req_info; - X509_ALGOR *sig_alg; + X509_ALGOR sig_alg; ASN1_BIT_STRING *signature; int references; }; struct X509_crl_info_st { ASN1_INTEGER *version; - X509_ALGOR *sig_alg; + X509_ALGOR sig_alg; X509_NAME *issuer; ASN1_TIME *lastUpdate; ASN1_TIME *nextUpdate; @@ -120,7 +120,7 @@ struct X509_crl_info_st { struct X509_crl_st { /* actual signature */ X509_CRL_INFO crl; - X509_ALGOR *sig_alg; + X509_ALGOR sig_alg; ASN1_BIT_STRING *signature; int references; int flags; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 6f8199b6b4e7b03aabe364ca87b6de1cfc6c884d..1e469f92dbc6faddc4733ccbc4d0c0886dca098a 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -456,7 +456,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) int sign_nid; if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) return X509_V_OK; - sign_nid = OBJ_obj2nid(crl->crl.sig_alg->algorithm); + sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm); return check_suite_b(pk, sign_nid, &flags); } diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index b5209f23cd26707ad1e8a418745518cf4fb2810a..1284bcb3db15e78b54bc5168dfa0d8339247cc66 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -173,7 +173,7 @@ ASN1_TIME *X509_get_notAfter(X509 *x) int X509_get_signature_type(const X509 *x) { - return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg->algorithm)); + return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm)); } X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x) diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index e89dbc73979a0d8dde6a5e54f9e1e11aa6702130..6215cf0123ba348032f3c27d83758a1ca87d2a08 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -164,12 +164,12 @@ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl) } void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, - const X509_CRL *crl) + X509_CRL *crl) { if (psig) *psig = crl->signature; if (palg) - *palg = crl->sig_alg; + *palg = &crl->sig_alg; } int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index b7f6be13bc0e82a84dc6b06da52ff35c3feabb16..1db66f6f615a1074839cdac13ac782d23717a130 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -74,37 +74,37 @@ int X509_verify(X509 *a, EVP_PKEY *r) { - if (X509_ALGOR_cmp(a->sig_alg, a->cert_info.signature)) + if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) return 0; - return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg, + return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, a->signature, &a->cert_info, r)); } int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) { return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), - a->sig_alg, a->signature, &a->req_info, r)); + &a->sig_alg, a->signature, &a->req_info, r)); } int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) { return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), - a->sig_algor, a->signature, a->spkac, r)); + &a->sig_algor, a->signature, a->spkac, r)); } int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { x->cert_info.enc.modified = 1; - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info.signature, - x->sig_alg, x->signature, &x->cert_info, pkey, md)); + return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, + &x->sig_alg, x->signature, &x->cert_info, pkey, md)); } int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) { x->cert_info.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), - x->cert_info.signature, - x->sig_alg, x->signature, &x->cert_info, ctx); + &x->cert_info.signature, + &x->sig_alg, x->signature, &x->cert_info, ctx); } int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) @@ -115,29 +115,29 @@ int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) { - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL, + return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, x->signature, &x->req_info, pkey, md)); } int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) { return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), - x->sig_alg, NULL, x->signature, &x->req_info, + &x->sig_alg, NULL, x->signature, &x->req_info, ctx); } int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) { x->crl.enc.modified = 1; - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl.sig_alg, - x->sig_alg, x->signature, &x->crl, pkey, md)); + return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, + &x->sig_alg, x->signature, &x->crl, pkey, md)); } int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) { x->crl.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), - x->crl.sig_alg, x->sig_alg, x->signature, + &x->crl.sig_alg, &x->sig_alg, x->signature, &x->crl, ctx); } @@ -150,7 +150,7 @@ int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) { - return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL, + return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, x->signature, x->spkac, pkey, md)); } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index c7c81ecbd38e690df2fc43b082dac9f2ef252311..f809d38e1a84a8b0e9b239a6ab846cfe77e6baeb 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -167,7 +167,7 @@ typedef struct X509_req_st X509_REQ; typedef struct x509_cinf_st { ASN1_INTEGER *version; /* [ 0 ] default of v1 */ ASN1_INTEGER *serialNumber; - X509_ALGOR *signature; + X509_ALGOR signature; X509_NAME *issuer; X509_VAL validity; X509_NAME *subject; @@ -182,7 +182,7 @@ typedef struct x509_cert_aux_st X509_CERT_AUX; struct x509_st { X509_CINF cert_info; - X509_ALGOR *sig_alg; + X509_ALGOR sig_alg; ASN1_BIT_STRING *signature; int valid; int references; @@ -375,7 +375,7 @@ typedef struct Netscape_spkac_st { typedef struct Netscape_spki_st { NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ - X509_ALGOR *sig_algor; + X509_ALGOR sig_algor; ASN1_BIT_STRING *signature; } NETSCAPE_SPKI; @@ -666,8 +666,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); int i2d_re_X509_tbs(X509 *x, unsigned char **pp); -void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, - const X509 *x); +void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x); int X509_get_signature_nid(const X509 *x); int X509_alias_set1(X509 *x, unsigned char *name, int len); @@ -793,7 +792,7 @@ ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); X509_NAME *X509_CRL_get_issuer(X509_CRL *crl); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, - const X509_CRL *crl); + X509_CRL *crl); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);