The branch master has been updated
via 45dcb5cf3d8a67ad69aa4ce9bc0538f957257fcd (commit)
via 68c12bfc6601d40e85146f36f26fe8ff0472f36b (commit)
via 11222483d75c1e18fb53fe71b9a86fcfdb6d0725 (commit)
via 60c25873699285731cf3f2f5b6e5ade739e8862a (commit)
from a9c27fe19f159391aac7e591b64b44c1ea9d3642 (commit)
- Log -----------------------------------------------------------------
commit 45dcb5cf3d8a67ad69aa4ce9bc0538f957257fcd
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Aug 18 15:26:47 2016 +0100
make update
Reviewed-by: Matt Caswell <m...@openssl.org>
commit 68c12bfc6601d40e85146f36f26fe8ff0472f36b
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Aug 18 15:16:31 2016 +0100
Add X509_get0_serialNumber() and constify OCSP_cert_to_id()
Reviewed-by: Matt Caswell <m...@openssl.org>
commit 11222483d75c1e18fb53fe71b9a86fcfdb6d0725
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Aug 18 15:13:00 2016 +0100
constify X509_REQ_get0_signature()
Reviewed-by: Matt Caswell <m...@openssl.org>
commit 60c25873699285731cf3f2f5b6e5ade739e8862a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Aug 18 13:59:32 2016 +0100
constify i2o_ECPublicKey
Reviewed-by: Matt Caswell <m...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ec_asn1.c | 2 +-
crypto/ocsp/ocsp_lib.c | 13 +++++++------
crypto/x509/t_req.c | 6 +++---
crypto/x509/x509_cmp.c | 5 +++++
crypto/x509/x509_req.c | 4 ++--
doc/crypto/X509_get0_signature.pod | 5 +++--
doc/crypto/X509_get_serialNumber.pod | 15 +++++++++++----
include/openssl/ec.h | 2 +-
include/openssl/ocsp.h | 9 +++++----
include/openssl/x509.h | 5 +++--
util/libcrypto.num | 1 +
11 files changed, 42 insertions(+), 25 deletions(-)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index e10deff..e911b2b 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1125,7 +1125,7 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char
**in, long len)
return ret;
}
-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
+int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
{
size_t buf_len = 0;
int new_buffer = 0;
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 5ff2f31..8edd70a 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -19,16 +19,17 @@
/* Convert a certificate and its issuer to an OCSP_CERTID */
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+ const X509 *issuer)
{
X509_NAME *iname;
- ASN1_INTEGER *serial;
+ const ASN1_INTEGER *serial;
ASN1_BIT_STRING *ikey;
if (!dgst)
dgst = EVP_sha1();
if (subject) {
iname = X509_get_issuer_name(subject);
- serial = X509_get_serialNumber(subject);
+ serial = X509_get0_serialNumber(subject);
} else {
iname = X509_get_subject_name(issuer);
serial = NULL;
@@ -38,9 +39,9 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509
*subject, X509 *issuer)
}
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
- X509_NAME *issuerName,
- ASN1_BIT_STRING *issuerKey,
- ASN1_INTEGER *serialNumber)
+ const X509_NAME *issuerName,
+ const ASN1_BIT_STRING *issuerKey,
+ const ASN1_INTEGER *serialNumber)
{
int nid;
unsigned int i;
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index dbe4be3..0fced67 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -174,9 +174,9 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long
nmflags,
}
if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
- X509_ALGOR *sig_alg;
- ASN1_BIT_STRING *sig;
- X509_REQ_get0_signature(&sig, &sig_alg, x);
+ const X509_ALGOR *sig_alg;
+ const ASN1_BIT_STRING *sig;
+ X509_REQ_get0_signature(x, &sig, &sig_alg);
if (!X509_signature_print(bp, sig_alg, sig))
goto err;
}
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index a33fd47..0105635 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -107,6 +107,11 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *a)
return &a->cert_info.serialNumber;
}
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
+{
+ return &a->cert_info.serialNumber;
+}
+
unsigned long X509_subject_name_hash(X509 *x)
{
return (X509_NAME_hash(x->cert_info.subject));
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index e7c2ae8..7b88dbc 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -277,8 +277,8 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
return req->req_info.subject;
}
-void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
- X509_REQ *req)
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
{
if (psig != NULL)
*psig = req->signature;
diff --git a/doc/crypto/X509_get0_signature.pod
b/doc/crypto/X509_get0_signature.pod
index 0741dfb..61a2dda 100644
--- a/doc/crypto/X509_get0_signature.pod
+++ b/doc/crypto/X509_get0_signature.pod
@@ -16,8 +16,9 @@ X509_CRL_get_signature_nid - signature information
int X509_get_signature_nid(const X509 *x);
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
- void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
- const X509_REQ *crl);
+ void X509_REQ_get0_signature(const X509_REQ *crl,
+ const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg);
int X509_REQ_get_signature_nid(const X509_REQ *crl);
void X509_CRL_get0_signature(const X509_CRL *crl,
diff --git a/doc/crypto/X509_get_serialNumber.pod
b/doc/crypto/X509_get_serialNumber.pod
index 4f1b033..2e81c62 100644
--- a/doc/crypto/X509_get_serialNumber.pod
+++ b/doc/crypto/X509_get_serialNumber.pod
@@ -2,14 +2,17 @@
=head1 NAME
-X509_get_serialNumber, X509_set_serialNumber - get or set certificate serial
-number
+X509_get_serialNumber,
+X509_get0_serialNumber,
+X509_set_serialNumber
+- get or set certificate serial number
=head1 SYNOPSIS
#include <openssl/x509.h>
ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+ const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
=head1 DESCRIPTION
@@ -18,13 +21,17 @@ X509_get_serialNumber() returns the serial number of
certificate B<x> as an
B<ASN1_INTEGER> structure which can be examined or initialised. The value
returned is an internal pointer which B<MUST NOT> be freed up after the call.
+X509_get0_serialNumber() is the same as X509_get_serialNumber() except it
+accepts a const parameter and returns a const result.
+
X509_set_serialNumber() sets the serial number of certificate B<x> to
B<serial>. A copy of the serial number is used internally so B<serial> should
be freed up after use.
=head1 RETURN VALUES
-X509_get_serialNumber() returns an B<ASN1_INTEGER> structure.
+X509_get_serialNumber() and X509_get0_serialNumber() return an B<ASN1_INTEGER>
+structure.
X509_set_serialNumber() returns 1 for success and 0 for failure.
@@ -50,7 +57,7 @@ L<X509_verify_cert(3)>
=head1 HISTORY
X509_get_serialNumber() and X509_set_serialNumber() are available in
-all versions of OpenSSL.
+all versions of OpenSSL. X509_get0_serialNumber() was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 4a8b832..b6db22d 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -987,7 +987,7 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char
**in, long len);
* of bytes needed).
* \return 1 on success and 0 if an error occurred
*/
-int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
+int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
/** Prints out the ec parameters on human readable form.
* \param bp BIO object to which the information is printed
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index a1e4e88..44f7195 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -182,12 +182,13 @@ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx,
OCSP_REQUEST *req);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
const char *name, const char *value);
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+ const X509 *issuer);
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
- X509_NAME *issuerName,
- ASN1_BIT_STRING *issuerKey,
- ASN1_INTEGER *serialNumber);
+ const X509_NAME *issuerName,
+ const ASN1_BIT_STRING *issuerKey,
+ const ASN1_INTEGER *serialNumber);
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 48de4de..fe7fd78 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -617,6 +617,7 @@ long X509_get_version(const X509 *x);
int X509_set_version(X509 *x, long version);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_issuer_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
@@ -647,8 +648,8 @@ long X509_REQ_get_version(const X509_REQ *req);
int X509_REQ_set_version(X509_REQ *x, long version);
X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
-void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
- X509_REQ *req);
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg);
int X509_REQ_get_signature_nid(const X509_REQ *req);
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index a55fbff..20c9dfb 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4192,3 +4192,4 @@ EVP_PKEY_set1_tls_encodedpoint 4138 1_1_0
EXIST::FUNCTION:
EVP_PKEY_get1_tls_encodedpoint 4139 1_1_0 EXIST::FUNCTION:
ASN1_STRING_get0_data 4140 1_1_0 EXIST::FUNCTION:
X509_SIG_get0_mutable 4141 1_1_0 EXIST::FUNCTION:
+X509_get0_serialNumber 4142 1_1_0 EXIST::FUNCTION:
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
