From 0318b051ee5e40e9a8d20da6a8a0468db1a6eb44 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Mon, 7 May 2018 20:38:20 -0400
Subject: [PATCH] Add some OpenSSL compatibility functions and hacks.

Change-Id: Ie42e57441f5fd7d1557a7fc1c648cf3f28b9c4db
Reviewed-on: https://boringssl-review.googlesource.com/28224
Commit-Queue: David Benjamin
Commit-Queue: Adam Langley
Reviewed-by: Adam Langley
CQ-Verified: CQ bot account: commit-bot@chromium.org
---
 crypto/fipsmodule/ec/ec.c | 14 ++++++++++++++
 crypto/x509/x509_req.c | 20 ++++++++++++++++++++
 crypto/x509/x509_set.c | 5 +++++
 crypto/x509/x509cset.c | 30 ++++++++++++++++++++++++++++++
 crypto/x509/x_x509.c | 6 ++++++
 include/openssl/ec.h | 5 +++++
 include/openssl/evp.h | 10 ++++++++++
 include/openssl/x509.h | 18 ++++++++++++++++++
 8 files changed, 108 insertions(+)

diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c
index a937e277..b8a5f557 100644
--- a/crypto/fipsmodule/ec/ec.c
+++ b/crypto/fipsmodule/ec/ec.c
@@ -622,6 +622,20 @@ unsigned EC_GROUP_get_degree(const EC_GROUP *group) {
 return ec_GFp_simple_group_get_degree(group);
 }
+const char *EC_curve_nid2nist(int nid) {
+ switch (nid) {
+ case NID_secp224r1:
+ return "P-224";
+ case NID_X9_62_prime256v1:
+ return "P-256";
+ case NID_secp384r1:
+ return "P-384";
+ case NID_secp521r1:
+ return "P-521";
+ }
+ return NULL;
+}
+
 EC_POINT *EC_POINT_new(const EC_GROUP *group) {
 if (group == NULL) {
 OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 69bc6f11..3a732617 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -320,3 +320,23 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
 return 1;
 return 0;
 }
+
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
+{
+ if (psig != NULL)
+ *psig = req->signature;
+ if (palg != NULL)
+ *palg = req->sig_alg;
+}
+
+int X509_REQ_get_signature_nid(const X509_REQ *req)
+{
+ return OBJ_obj2nid(req->sig_alg->algorithm);
+}
+
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+ req->req_info->enc.modified = 1;
+ return i2d_X509_REQ_INFO(req->req_info, pp);
+}
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 413a20d0..0aa92bd8 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -162,3 +162,8 @@ STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
 {
 return x->cert_info->extensions;
 }
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+ return x->cert_info->signature;
+}
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 2fd48a9c..fe269cdc 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -135,6 +135,25 @@ int X509_CRL_up_ref(X509_CRL *crl)
 return 1;
 }
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
+{
+ if (psig != NULL)
+ *psig = crl->signature;
+ if (palg != NULL)
+ *palg = crl->sig_alg;
+}
+
+int X509_CRL_get_signature_nid(const X509_CRL *crl)
+{
+ return OBJ_obj2nid(crl->sig_alg->algorithm);
+}
+
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+ return x->revocationDate;
+}
+
 int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
 {
 ASN1_TIME *in;
@@ -152,6 +171,11 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
 return (in != NULL);
 }
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+ return x->serialNumber;
+}
+
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
 {
 ASN1_INTEGER *in;
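Review bot: `X509_get0_tbs_sigalg` returns `x->cert_info->signature`, the AlgorithmIdentifier inside the signed TBSCertificate, which is a different field from the outer, unsigned `signatureAlgorithm` that `X509_get0_signature` returns, and RFC 5280 §4.1.2.3 requires the two to be identical; neither this hunk nor the declaration says so. A verifier that consults only the outer field can be steered by an attacker who rewrites it, so the contrast and the required check belong in the header comment, e.g. `// X509_get0_tbs_sigalg returns the signature algorithm recorded inside the TBSCertificate of |x|. RFC 5280 requires it to equal the outer algorithm from |X509_get0_signature|; verifiers must check that the two agree.` Whether BoringSSL's verification path already performs that comparison is not visible in this commit, so confirm it rather than assuming the getter is purely informational.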
@@ -168,3 +192,9 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
 }
 return (in != NULL);
 }
+
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp)
+{
+ crl->crl->enc.modified = 1;
+ return i2d_X509_CRL_INFO(crl->crl, pp);
+}
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 01464a1f..9ece062d 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -313,6 +313,12 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
 return length;
 }
+int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
+{
+ x->cert_info->enc.modified = 1;
+ return i2d_X509_CINF(x->cert_info, pp);
+}
+
 void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
 const X509 *x)
 {
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 312a387c..69b30c59 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -154,6 +154,11 @@ OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group);
 // element of the field underlying |group|.
 OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group);
+// EC_curve_nid2nist returns the NIST name of the elliptic curve specified by
+// |nid|, or NULL if |nid| is not a NIST curve. For example, it returns "P-256"
+// for |NID_X9_62_prime256v1|.
+OPENSSL_EXPORT const char *EC_curve_nid2nist(int nid);
+
 // Points on elliptic curves.
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 7816b591..1dffb648 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
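Review bot: `i2d_re_X509_tbs` sets `x->cert_info->enc.modified = 1` and nothing in the hunk clears it again, so as far as this change shows the certificate permanently loses its cached TBS bytes and every later `i2d_X509` on the same object is re-encoded from the parsed fields too (unless the encoder resets the flag elsewhere, which is not visible here). A re-encode is only guaranteed to reproduce the original bytes for input that was already canonical DER, so a signature that verified over the cached encoding can stop verifying after this call; the function is therefore only correct on an object that is about to be re-signed and must never be used to obtain the bytes a verifier checks. The same holds for `i2d_re_X509_REQ_tbs` and `i2d_re_X509_CRL_tbs` in the sibling hunks, which follow the identical pattern. A comment on the definition, `// Discards the cached encoding of the TBS; intended for re-signing only, as the output may differ from the bytes that were originally signed.`, would make the hazard explicit.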
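Review bot: The new ec.h comment promises NULL only when `|nid|` "is not a NIST curve", but the ec.c implementation in this commit returns NULL for every nid other than the four it lists (P-224, P-256, P-384, P-521), which also covers NIST curves such as P-192 and the binary K-/B- families that this switch does not map. A consumer porting from OpenSSL, whose version names those curves as well, may read NULL as "not a NIST curve" and mis-classify the group. Tighten the wording to match the code: `// |nid|, or NULL if |nid| is not one of the NIST prime curves supported here.`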
@@ -797,6 +797,16 @@ OPENSSL_EXPORT EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp,
 OPENSSL_EXPORT DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+// Preprocessor compatibility section (hidden).
+//
+// Historically, a number of APIs were implemented in OpenSSL as macros and
+// constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this
+// section defines a number of legacy macros.
+
+#define EVP_PKEY_CTX_set_rsa_oaep_md EVP_PKEY_CTX_set_rsa_oaep_md
+#define EVP_PKEY_CTX_set0_rsa_oaep_label EVP_PKEY_CTX_set0_rsa_oaep_label
+
+
 // Private structures.
 struct evp_pkey_st {
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index b336e0fc..65d68c4b 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -762,6 +762,8 @@ OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
 OPENSSL_EXPORT int i2d_X509_AUX(X509 *a,unsigned char **pp);
 OPENSSL_EXPORT X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
+OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
+
 OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **psig,
 const X509_ALGOR **palg, const X509 *x);
 OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x);
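Review bot: `i2d_re_X509_tbs` is declared with no comment, unlike the documented BoringSSL-style declarations elsewhere in this commit, and the name alone does not convey that it forces a fresh encoding of the TBSCertificate (the x_x509.c hunk sets `enc.modified` before calling `i2d_X509_CINF`) rather than returning the cached bytes. Since the re-encoded output is not guaranteed to equal the bytes that were originally signed, callers need to be told it belongs to the signing path only. Suggest adding above the declaration: `// i2d_re_X509_tbs re-encodes the TBSCertificate of |x|, discarding any cached encoding, and writes the result to |*pp| as |i2d_X509_CINF| would. It is for code that modifies and then re-signs |x|; do not use it to obtain the bytes needed to verify an existing signature.`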
@@ -829,9 +831,15 @@ OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY * X509_get_pubkey(X509 *x);
 OPENSSL_EXPORT ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
 OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x,long version);
 OPENSSL_EXPORT int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
+OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req,
+ const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg);
+OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
+OPENSSL_EXPORT int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 OPENSSL_EXPORT int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
 OPENSSL_EXPORT int X509_REQ_extension_nid(int nid);
@@ -866,7 +874,17 @@ OPENSSL_EXPORT int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
 OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
 OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
+OPENSSL_EXPORT void X509_CRL_get0_signature(const X509_CRL *crl,
+ const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg);
+OPENSSL_EXPORT int X509_CRL_get_signature_nid(const X509_CRL *crl);
+OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
+
+OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
+ const X509_REVOKED *x);
 OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
+ const X509_REVOKED *x);
 OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
 OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
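Review bot: `X509_REQ_get0_signature` takes the object first and the two out-pointers after it, whereas the existing `X509_get0_signature` in this header takes `psig` and `palg` first and the `X509` last; the hunk reproduces OpenSSL's inconsistency without a word of warning next to either declaration. Readers moving between the two functions will trip on this, so a short note on the new declaration is cheap insurance, e.g. `// Note: unlike |X509_get0_signature|, |req| comes first; this follows OpenSSL's argument order.` The comment should also record that `psig` and `palg` may each be NULL, since the x509_req.c implementation skips whichever is NULL.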
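Review bot: The declaration `i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp)` names its first parameter `req`, but the definition in x509cset.c names it `crl` and the value is a CRL, not a request; the name looks copied from the X509_REQ variant. Change it to `OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);`. The `get0_` accessors added here also carry no ownership note even though the x509cset.c hunk shows they hand back the object's internal field; a line such as `// The returned pointer is owned by |x| and must not be freed.` on `X509_REVOKED_get0_serialNumber` and `X509_REVOKED_get0_revocationDate` would prevent the obvious double-free.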