The branch master has been updated via 0f022f5a2201a591da7d373ebeeb7d29bdcaf95a (commit) via 34d4d74575236245c7e133d121eb2302c18b21f1 (commit) via 17ebf85abda18c3875b1ba6670fe7b393bc1f297 (commit) from 1940aa6e6b51147df10a5bffcaaa2b9904209184 (commit)
- Log ----------------------------------------------------------------- commit 0f022f5a2201a591da7d373ebeeb7d29bdcaf95a Author: Dr. Stephen Henson <st...@openssl.org> Date: Tue Aug 16 15:19:55 2016 +0100 Corrupt signature earlier. If -badsig is selected corrupt the signature before printing out any details so the output reflects the modified signature. Reviewed-by: Rich Salz <rs...@openssl.org> commit 34d4d74575236245c7e133d121eb2302c18b21f1 Author: Dr. Stephen Henson <st...@openssl.org> Date: Tue Aug 16 15:08:06 2016 +0100 make update Reviewed-by: Rich Salz <rs...@openssl.org> commit 17ebf85abda18c3875b1ba6670fe7b393bc1f297 Author: Dr. Stephen Henson <st...@openssl.org> Date: Tue Aug 16 14:06:48 2016 +0100 Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function. Reviewed-by: Rich Salz <rs...@openssl.org> ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 16 +++++++++++++++- apps/apps.h | 2 ++ apps/ca.c | 2 +- apps/cms.c | 4 ++-- apps/crl.c | 16 ++++++++-------- apps/ocsp.c | 4 ++-- apps/x509.c | 15 +++++++-------- crypto/asn1/asn1_lib.c | 7 +++++++ crypto/asn1/evp_asn1.c | 6 +++--- crypto/asn1/p5_pbe.c | 11 ++++++++--- crypto/asn1/p8_pkey.c | 2 +- crypto/ct/ct_prn.c | 2 +- crypto/dh/dh_ameth.c | 6 +++--- crypto/ec/ec_ameth.c | 2 +- crypto/ec/ec_asn1.c | 4 ++-- crypto/ec/ecx_meth.c | 2 +- crypto/pkcs12/p12_mutl.c | 2 +- crypto/ts/ts_lib.c | 2 +- crypto/ts/ts_rsp_verify.c | 4 ++-- crypto/ts/ts_verify_ctx.c | 2 +- crypto/x509/t_x509.c | 5 +++-- crypto/x509v3/v3_lib.c | 2 +- crypto/x509v3/v3_prn.c | 2 +- doc/crypto/ASN1_STRING_length.pod | 11 ++++++++--- include/openssl/asn1.h | 3 ++- util/libcrypto.num | 3 ++- 26 files changed, 86 insertions(+), 51 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 746f565..17a9fdc 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1938,7 +1938,7 @@ static const char *get_dp_url(DIST_POINT *dp) gen = sk_GENERAL_NAME_value(gens, i); uri = GENERAL_NAME_get0_value(gen, >ype); if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { - char *uptr = (char *)ASN1_STRING_data(uri); + const char *uptr = (const char *)ASN1_STRING_get0_data(uri); if (strncmp(uptr, "http://", 7) == 0) return uptr; } @@ -2581,3 +2581,17 @@ int has_stdin_waiting(void) return _kbhit(); } #endif + +/* Corrupt a signature by modifying final byte */ +int corrupt_signature(ASN1_STRING *signature) +{ + unsigned char *s; + size_t slen = ASN1_STRING_length(signature); + + s = OPENSSL_memdup(ASN1_STRING_get0_data(signature), slen); + if (s == NULL) + return 0; + s[slen - 1] ^= 0x1; + ASN1_STRING_set0(signature, s, slen); + return 1; +} diff --git a/apps/apps.h b/apps/apps.h index 33a2f68..8fb6f44 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -71,6 +71,8 @@ void wait_for_async(SSL *s); int has_stdin_waiting(void); # endif +int corrupt_signature(ASN1_STRING *signature); + /* * Common verification options. */ diff --git a/apps/ca.c b/apps/ca.c index 331c136..4b4b37d 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -988,7 +988,7 @@ end_of_options: x = sk_X509_value(cert_sk, i); j = ASN1_STRING_length(serialNumber); - p = (const char *)ASN1_STRING_data(serialNumber); + p = (const char *)ASN1_STRING_get0_data(serialNumber); if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) { BIO_printf(bio_err, "certificate file name too long\n"); diff --git a/apps/cms.c b/apps/cms.c index 5899760..b5ae970 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1177,13 +1177,13 @@ static void receipt_request_print(CMS_ContentInfo *cms) BIO_puts(bio_err, " Receipt Request Parse Error\n"); ERR_print_errors(bio_err); } else { - char *id; + const char *id; int idlen; CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, &rlist, &rto); BIO_puts(bio_err, " Signed Content ID:\n"); idlen = ASN1_STRING_length(scid); - id = (char *)ASN1_STRING_data(scid); + id = (const char *)ASN1_STRING_get0_data(scid); BIO_dump_indent(bio_err, id, idlen, 4); BIO_puts(bio_err, " Receipts From"); if (rlist) { diff --git a/apps/crl.c b/apps/crl.c index 3e30bdc..0140ff7 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -249,6 +249,14 @@ int crl_main(int argc, char **argv) } } + if (badsig) { + ASN1_BIT_STRING *sig; + + X509_CRL_get0_signature(&sig, NULL, x); + if (!corrupt_signature(sig)) + goto end; + } + if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { @@ -319,14 +327,6 @@ int crl_main(int argc, char **argv) goto end; } - if (badsig) { - ASN1_BIT_STRING *sig; - unsigned char *psig; - X509_CRL_get0_signature(&sig, NULL, x); - psig = ASN1_STRING_data(sig); - psig[ASN1_STRING_length(sig) - 1] ^= 0x1; - } - if (outformat == FORMAT_ASN1) i = (int)i2d_X509_CRL_bio(out, x); else diff --git a/apps/ocsp.c b/apps/ocsp.c index 1cb11b2..1766878 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -951,8 +951,8 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, if (badsig) { ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); - unsigned char *sigptr = ASN1_STRING_data(sig); - sigptr[ASN1_STRING_length(sig) - 1] ^= 0x1; + if (!corrupt_signature(sig)) + goto end; } *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); diff --git a/apps/x509.c b/apps/x509.c index ed49c4e..23265b2 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -603,6 +603,13 @@ int x509_main(int argc, char **argv) objtmp = NULL; } + if (badsig) { + ASN1_BIT_STRING *signature; + X509_get0_signature(&signature, NULL, x); + if (!corrupt_signature(signature)) + goto end; + } + if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { @@ -847,14 +854,6 @@ int x509_main(int argc, char **argv) goto end; } - if (badsig) { - ASN1_BIT_STRING *signature; - unsigned char *s; - X509_get0_signature(&signature, NULL, x); - s = ASN1_STRING_data(signature); - s[ASN1_STRING_length(signature) - 1] ^= 0x1; - } - if (outformat == FORMAT_ASN1) i = i2d_X509_bio(out, x); else if (outformat == FORMAT_PEM) { diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 1b52107..f2f07ac 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -363,7 +363,14 @@ int ASN1_STRING_type(const ASN1_STRING *x) return x->type; } +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) +{ + return x->data; +} + +# if OPENSSL_API_COMPAT < 0x10100000L unsigned char *ASN1_STRING_data(ASN1_STRING *x) { return x->data; } +#endif diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index ad3a5bc..a458367 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c @@ -30,13 +30,13 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) { int ret, num; - unsigned char *p; + const unsigned char *p; if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) { ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG); return (-1); } - p = ASN1_STRING_data(a->value.octet_string); + p = ASN1_STRING_get0_data(a->value.octet_string); ret = ASN1_STRING_length(a->value.octet_string); if (ret < max_len) num = ret; @@ -105,7 +105,7 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, n = max_len; if (data != NULL) - memcpy(data, ASN1_STRING_data(atmp->oct), n); + memcpy(data, ASN1_STRING_get0_data(atmp->oct), n); if (ret == -1) { err: ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG); diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index 92da23e..ab7e168 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -29,7 +29,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, { PBEPARAM *pbe = NULL; ASN1_STRING *pbe_str = NULL; - unsigned char *sstr; + unsigned char *sstr = NULL; pbe = PBEPARAM_new(); if (pbe == NULL) { @@ -44,16 +44,20 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, } if (!saltlen) saltlen = PKCS5_SALT_LEN; - if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { + + sstr = OPENSSL_malloc(saltlen); + if (sstr == NULL) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); goto err; } - sstr = ASN1_STRING_data(pbe->salt); if (salt) memcpy(sstr, salt, saltlen); else if (RAND_bytes(sstr, saltlen) <= 0) goto err; + ASN1_STRING_set0(pbe->salt, sstr, saltlen); + sstr = NULL; + if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); goto err; @@ -66,6 +70,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, return 1; err: + OPENSSL_free(sstr); PBEPARAM_free(pbe); ASN1_STRING_free(pbe_str); return 0; diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index ebee6b5..c08aa85 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -57,7 +57,7 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, if (ppkalg) *ppkalg = p8->pkeyalg->algorithm; if (pk) { - *pk = ASN1_STRING_data(p8->pkey); + *pk = ASN1_STRING_get0_data(p8->pkey); *ppklen = ASN1_STRING_length(p8->pkey); } if (pa) diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c index 2786746..376e045 100644 --- a/crypto/ct/ct_prn.c +++ b/crypto/ct/ct_prn.c @@ -41,7 +41,7 @@ static void timestamp_print(uint64_t timestamp, BIO *out) * characters long with a final Z. Update it with fractional seconds. */ BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ", - ASN1_STRING_data(gen), (unsigned int)(timestamp % 1000)); + ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000)); if (ASN1_GENERALIZEDTIME_set_string(gen, genstr)) ASN1_GENERALIZEDTIME_print(out, gen); ASN1_GENERALIZEDTIME_free(gen); diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 78aea36..2e67eeb 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -600,7 +600,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, dhpeer = DHparams_dup(pk->pkey.dh); /* We have parameters now set public key */ plen = ASN1_STRING_length(pubkey); - p = ASN1_STRING_data(pubkey); + p = ASN1_STRING_get0_data(pubkey); if (!p || !plen) goto err; @@ -690,7 +690,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) if (ukm) { dukmlen = ASN1_STRING_length(ukm); - dukm = OPENSSL_memdup(ASN1_STRING_data(ukm), dukmlen); + dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen); if (!dukm) goto err; } @@ -834,7 +834,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) if (ukm) { dukmlen = ASN1_STRING_length(ukm); - dukm = OPENSSL_memdup(ASN1_STRING_data(ukm), dukmlen); + dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen); if (!dukm) goto err; } diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index f6a3f5c..44dfbb4 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -593,7 +593,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, } /* We have parameters now set public key */ plen = ASN1_STRING_length(pubkey); - p = ASN1_STRING_data(pubkey); + p = ASN1_STRING_get0_data(pubkey); if (!p || !plen) goto err; if (!o2i_ECPublicKey(&ecpeer, &p, plen)) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 8714a4b..e10deff 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -948,7 +948,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (priv_key->privateKey) { ASN1_OCTET_STRING *pkey = priv_key->privateKey; - if (EC_KEY_oct2priv(ret, ASN1_STRING_data(pkey), + if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey), ASN1_STRING_length(pkey)) == 0) goto err; } else { @@ -967,7 +967,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) const unsigned char *pub_oct; int pub_oct_len; - pub_oct = ASN1_STRING_data(priv_key->publicKey); + pub_oct = ASN1_STRING_get0_data(priv_key->publicKey); pub_oct_len = ASN1_STRING_length(priv_key->publicKey); if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 354d387..f717951 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -151,7 +151,7 @@ static int ecx_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) p = NULL; plen = 0; } else { - p = ASN1_STRING_data(oct); + p = ASN1_STRING_get0_data(oct); plen = ASN1_STRING_length(oct); } diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 9bd672a..9c0c4df 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -143,7 +143,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) } X509_SIG_get0(NULL, &macoct, p12->mac->dinfo); if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) - || CRYPTO_memcmp(mac, ASN1_STRING_data(macoct), maclen)) + || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen)) return 0; return 1; } diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index e18f1f3..99c0580 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -85,7 +85,7 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a) BIO_printf(bio, "Message data:\n"); msg = a->hashed_msg; - BIO_dump_indent(bio, (const char *)ASN1_STRING_data(msg), + BIO_dump_indent(bio, (const char *)ASN1_STRING_get0_data(msg), ASN1_STRING_length(msg), 4); return 1; diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 99f664b..2755dd0 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -472,7 +472,7 @@ static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) length = ASN1_STRING_length(current); if (i > 0) *p++ = '/'; - strncpy(p, (const char *)ASN1_STRING_data(current), length); + strncpy(p, (const char *)ASN1_STRING_get0_data(current), length); p += length; } *p = '\0'; @@ -568,7 +568,7 @@ static int ts_check_imprints(X509_ALGOR *algor_a, } ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) && - memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0; + memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0; err: if (!ret) TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH); diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 141385d..d4792ee 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -128,7 +128,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) ret->imprint_len = ASN1_STRING_length(msg); if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) goto err; - memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len); + memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len); if ((nonce = req->nonce) != NULL) { if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL) diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 5fbe767..c96ada8 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -248,8 +248,9 @@ int X509_ocspid_print(BIO *bp, X509 *x) if (keybstr == NULL) goto err; - if (!EVP_Digest(ASN1_STRING_data(keybstr), ASN1_STRING_length(keybstr), - SHA1md, NULL, EVP_sha1(), NULL)) + if (!EVP_Digest(ASN1_STRING_get0_data(keybstr), + ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(), + NULL)) goto err; for (i = 0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 25d019e..a3ca720 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -203,7 +203,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) if ((method = X509V3_EXT_get(ext)) == NULL) return NULL; extvalue = X509_EXTENSION_get_data(ext); - p = ASN1_STRING_data(extvalue); + p = ASN1_STRING_get0_data(extvalue); extlen = ASN1_STRING_length(extvalue); if (method->it) return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 3048b67..4b1d0c3 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -79,7 +79,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int ok = 1; extoct = X509_EXTENSION_get_data(ext); - p = ASN1_STRING_data(extoct); + p = ASN1_STRING_get0_data(extoct); extlen = ASN1_STRING_length(extoct); if ((method = X509V3_EXT_get(ext)) == NULL) diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod index a57de1c..26cb176 100644 --- a/doc/crypto/ASN1_STRING_length.pod +++ b/doc/crypto/ASN1_STRING_length.pod @@ -3,14 +3,15 @@ =head1 NAME ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, -ASN1_STRING_type, ASN1_STRING_data, ASN1_STRING_to_UTF8 - -ASN1_STRING utility functions +ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, +ASN1_STRING_to_UTF8 - ASN1_STRING utility functions =head1 SYNOPSIS #include <openssl/asn1.h> int ASN1_STRING_length(ASN1_STRING *x); + const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x); unsigned char * ASN1_STRING_data(ASN1_STRING *x); ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); @@ -29,10 +30,14 @@ These functions allow an B<ASN1_STRING> structure to be manipulated. ASN1_STRING_length() returns the length of the content of B<x>. -ASN1_STRING_data() returns an internal pointer to the data of B<x>. +ASN1_STRING_get0_data() returns an internal pointer to the data of B<x>. Since this is an internal pointer it should B<not> be freed or modified in any way. +ASN1_STRING_data() is similar to ASN1_STRING_get0_data() except the +returned value is not constant. This function is deprecated: +applications should use ASN1_STRING_get0_data() instead. + ASN1_STRING_dup() returns a copy of the structure B<a>. ASN1_STRING_cmp() compares B<a> and B<b> returning 0 if the two diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index fcf6de9..40526fb 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -550,7 +550,8 @@ void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); int ASN1_STRING_length(const ASN1_STRING *x); void ASN1_STRING_length_set(ASN1_STRING *x, int n); int ASN1_STRING_type(const ASN1_STRING *x); -unsigned char *ASN1_STRING_data(ASN1_STRING *x); +DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); diff --git a/util/libcrypto.num b/util/libcrypto.num index 6064c98..7fb02f7 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -527,7 +527,7 @@ BN_set_negative 527 1_1_0 EXIST::FUNCTION: i2d_TS_RESP_bio 528 1_1_0 EXIST::FUNCTION:TS ASYNC_WAIT_CTX_set_wait_fd 529 1_1_0 EXIST::FUNCTION: ERR_func_error_string 530 1_1_0 EXIST::FUNCTION: -ASN1_STRING_data 531 1_1_0 EXIST::FUNCTION: +ASN1_STRING_data 531 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0 X509_CRL_add1_ext_i2d 532 1_1_0 EXIST::FUNCTION: i2d_TS_TST_INFO 533 1_1_0 EXIST::FUNCTION:TS OBJ_sigid_free 534 1_1_0 EXIST::FUNCTION: @@ -4190,3 +4190,4 @@ X509_get_proxy_pathlen 4136 1_1_0 EXIST::FUNCTION: DSA_bits 4137 1_1_0 EXIST::FUNCTION:DSA EVP_PKEY_set1_tls_encodedpoint 4138 1_1_0 EXIST::FUNCTION: EVP_PKEY_get1_tls_encodedpoint 4139 1_1_0 EXIST::FUNCTION: +ASN1_STRING_get0_data 4140 1_1_0 EXIST::FUNCTION: _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits