mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add ossl_ x509 symbols

Browse Source 
Partial fix for #12964

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)
This commit is contained in:
Shane Lontis 2021-03-09 14:18:03 +10:00
parent 6dd4b77a85
commit 4669015d7b
21 changed files with 79 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/cmp/cmp_ctx.c
View File

@ -607,7 +607,7 @@ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \
return 1; \
}
#define X509_invalid(cert) (!x509v3_cache_extensions(cert))
#define X509_invalid(cert) (!ossl_x509v3_cache_extensions(cert))
#define EVP_PKEY_invalid(key) 0
#define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \
int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \

2
crypto/cmp/cmp_msg.c
View File

@ -1027,7 +1027,7 @@ X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
if (crt == NULL)
ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND);
else
(void)x509_set0_libctx(crt, ctx->libctx, ctx->propq);
(void)ossl_x509_set0_libctx(crt, ctx->libctx, ctx->propq);
return crt;
}

4
crypto/cmp/cmp_vfy.c
View File

@ -58,7 +58,7 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
}
sig_err:
res = x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
res = ossl_x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_SIGNATURE);
if (res)
ERR_add_error_mem_bio("\n", bio);
@ -266,7 +266,7 @@ static int cert_acceptable(const OSSL_CMP_CTX *ctx,
if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID))
return 0;
/* prevent misleading error later in case x509v3_cache_extensions() fails */
if (!x509v3_cache_extensions(cert)) {
if (!ossl_x509v3_cache_extensions(cert)) {
ossl_cmp_warn(ctx, "cert appears to be invalid");
return 0;
}

6
crypto/cms/cms_env.c
View File

@ -181,9 +181,9 @@ void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
break;
case CMS_RECIPINFO_TRANS:
ri->d.ktri->cms_ctx = ctx;
x509_set0_libctx(ri->d.ktri->recip,
ossl_cms_ctx_get0_libctx(ctx),
ossl_cms_ctx_get0_propq(ctx));
ossl_x509_set0_libctx(ri->d.ktri->recip,
ossl_cms_ctx_get0_libctx(ctx),
ossl_cms_ctx_get0_propq(ctx));
break;
case CMS_RECIPINFO_KEK:
ri->d.kekri->cms_ctx = ctx;

2
crypto/cms/cms_lib.c
View File

@ -105,7 +105,7 @@ void ossl_cms_resolve_libctx(CMS_ContentInfo *ci)
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
cch = sk_CMS_CertificateChoices_value(*pcerts, i);
if (cch->type == CMS_CERTCHOICE_CERT)
x509_set0_libctx(cch->d.certificate, libctx, propq);
ossl_x509_set0_libctx(cch->d.certificate, libctx, propq);
}
}
}

2
crypto/ec/ec_ameth.c
View File

@ -158,7 +158,7 @@ static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
OSSL_LIB_CTX *libctx = NULL;
const char *propq = NULL;
if (!X509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)
if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)
|| !X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);

2
crypto/ess/ess_lib.c
View File

@ -57,7 +57,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
unsigned char cert_sha1[SHA_DIGEST_LENGTH];
/* Call for side-effect of computing hash and caching extensions */
if (!x509v3_cache_extensions(cert))
if (!ossl_x509v3_cache_extensions(cert))
return NULL;
if ((cid = ESS_CERT_ID_new()) == NULL)

4
crypto/pkcs7/pk7_lib.c
View File

@ -439,12 +439,12 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7)
return;
for (i = 0; i < sk_X509_num(certs); i++)
x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rinfos); i++) {
PKCS7_RECIP_INFO *ri = sk_PKCS7_RECIP_INFO_value(rinfos, i);
x509_set0_libctx(ri->cert, libctx, propq);
ossl_x509_set0_libctx(ri->cert, libctx, propq);
}
for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {

4
crypto/store/store_result.c
View File

@ -483,7 +483,7 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
/* We determined the object type */
data->object_type = OSSL_OBJECT_CERT;
if (cert != NULL && !x509_set0_libctx(cert, libctx, propq)) {
if (cert != NULL && !ossl_x509_set0_libctx(cert, libctx, propq)) {
X509_free(cert);
cert = NULL;
}
@ -510,7 +510,7 @@ static int try_crl(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
/* We determined the object type */
data->object_type = OSSL_OBJECT_CRL;
if (crl != NULL && !x509_crl_set0_libctx(crl, libctx, propq)) {
if (crl != NULL && !ossl_x509_crl_set0_libctx(crl, libctx, propq)) {
X509_CRL_free(crl);
crl = NULL;
}

8
crypto/x509/t_x509.c
View File

@ -386,7 +386,7 @@ int X509_aux_print(BIO *out, X509 *x, int indent)
* Helper functions for improving certificate verification error diagnostics
*/
int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags)
int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags)
{
unsigned long flags = ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE |
XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN;
@ -428,7 +428,7 @@ static int print_certs(BIO *bio, const STACK_OF(X509) *certs)
X509 *cert = sk_X509_value(certs, i);
if (cert != NULL) {
if (!x509_print_ex_brief(bio, cert, 0))
if (!ossl_x509_print_ex_brief(bio, cert, 0))
return 0;
if (!X509V3_extensions_print(bio, NULL,
X509_get0_extensions(cert),
@ -495,8 +495,8 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx)
}
BIO_printf(bio, "Failure for:\n");
x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx),
X509_FLAG_NO_EXTENSIONS);
ossl_x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx),
X509_FLAG_NO_EXTENSIONS);
if (cert_error == X509_V_ERR_CERT_UNTRUSTED
|| cert_error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
|| cert_error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN

26
crypto/x509/v3_purp.c
View File

@ -83,7 +83,7 @@ int X509_check_purpose(X509 *x, int id, int require_ca)
int idx;
const X509_PURPOSE *pt;
if (!x509v3_cache_extensions(x))
if (!ossl_x509v3_cache_extensions(x))
return -1;
if (id == -1)
return 1;
@ -395,7 +395,7 @@ static int check_sig_alg_match(const EVP_PKEY *issuer_key, const X509 *subject)
* X509_SIG_INFO_VALID is set in x->flags if x->siginf was filled successfully.
* Set EXFLAG_INVALID and return 0 in case the certificate is invalid.
*/
int x509v3_cache_extensions(X509 *x)
int ossl_x509v3_cache_extensions(X509 *x)
{
BASIC_CONSTRAINTS *bs;
PROXY_CERT_INFO_EXTENSION *pci;
@ -559,7 +559,7 @@ int x509v3_cache_extensions(X509 *x)
/* .. and the signature alg matches the PUBKEY alg: */
&& check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK)
x->ex_flags |= EXFLAG_SS; /* indicate self-signed */
/* This is very related to x509_likely_issued(x, x) == X509_V_OK */
/* This is very related to ossl_x509_likely_issued(x, x) == X509_V_OK */
}
/* Handle subject alternative names and various other extensions */
@ -616,7 +616,7 @@ int x509v3_cache_extensions(X509 *x)
}
/* Set x->siginf, ignoring errors due to unsupported algos */
(void)x509_init_sig_info(x);
(void)ossl_x509_init_sig_info(x);
x->ex_flags |= EXFLAG_SET; /* Indicate that cert has been processed */
#ifdef tsan_st_rel
@ -692,7 +692,7 @@ void X509_set_proxy_pathlen(X509 *x, long l)
int X509_check_ca(X509 *x)
{
/* Note 0 normally means "not a CA" - but in this case means error. */
if (!x509v3_cache_extensions(x))
if (!ossl_x509v3_cache_extensions(x))
return 0;
return check_ca(x);
@ -904,13 +904,13 @@ int X509_check_issued(X509 *issuer, X509 *subject)
{
int ret;
if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK)
if ((ret = ossl_x509_likely_issued(issuer, subject)) != X509_V_OK)
return ret;
return x509_signing_allowed(issuer, subject);
return ossl_x509_signing_allowed(issuer, subject);
}
/* Do the checks 1., 2., and 3. as described above for X509_check_issued() */
int x509_likely_issued(X509 *issuer, X509 *subject)
/* do the checks 1., 2., and 3. as described above for X509_check_issued() */
int ossl_x509_likely_issued(X509 *issuer, X509 *subject)
{
int ret;
@ -918,9 +918,9 @@ int x509_likely_issued(X509 *issuer, X509 *subject)
X509_get_issuer_name(subject)) != 0)
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
/* Set issuer->skid and subject->akid */
if (!x509v3_cache_extensions(issuer)
|| !x509v3_cache_extensions(subject))
/* set issuer->skid and subject->akid */
if (!ossl_x509v3_cache_extensions(issuer)
|| !ossl_x509v3_cache_extensions(subject))
return X509_V_ERR_UNSPECIFIED;
ret = X509_check_akid(issuer, subject->akid);
@ -938,7 +938,7 @@ int x509_likely_issued(X509 *issuer, X509 *subject)
* Returns 0 for OK, or positive for reason for rejection
* where reason codes match those for X509_verify_cert().
*/
int x509_signing_allowed(const X509 *issuer, const X509 *subject)
int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject)
{
if (subject->ex_flags & EXFLAG_PROXY) {
if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))

8
crypto/x509/x509_local.h
View File

@ -39,7 +39,7 @@ struct X509_VERIFY_PARAM_st {
};
/* No error callback if depth < 0 */
int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
int ossl_x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
/* a sequence of these are used */
struct x509_attributes_st {
@ -155,7 +155,5 @@ DEFINE_STACK_OF(BY_DIR_ENTRY)
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
const ASN1_STRING *sig);
int x509_likely_issued(X509 *issuer, X509 *subject);
int x509_signing_allowed(const X509 *issuer, const X509 *subject);
int ossl_x509_likely_issued(X509 *issuer, X509 *subject);
int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject);

4
crypto/x509/x509_lu.c
View File

@ -738,7 +738,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
}
/* If certificate matches and is currently valid all OK */
if (ctx->check_issued(ctx, x, obj->data.x509)) {
if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
if (ossl_x509_check_cert_time(ctx, obj->data.x509, -1)) {
*issuer = obj->data.x509;
if (!X509_up_ref(*issuer)) {
*issuer = NULL;
@ -774,7 +774,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
if (ctx->check_issued(ctx, x, pobj->data.x509)) {
ret = 1;
/* If times check fine, exit with match, else keep looking. */
if (x509_check_cert_time(ctx, pobj->data.x509, -1)) {
if (ossl_x509_check_cert_time(ctx, pobj->data.x509, -1)) {
*issuer = pobj->data.x509;
break;
}

8
crypto/x509/x509_set.c
View File

@ -61,7 +61,7 @@ int X509_set_subject_name(X509 *x, const X509_NAME *name)
return X509_NAME_set(&x->cert_info.subject, name);
}
int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
{
ASN1_TIME *in;
in = *ptm;
@ -79,14 +79,14 @@ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
return x509_set1_time(&x->cert_info.validity.notBefore, tm);
return ossl_x509_set1_time(&x->cert_info.validity.notBefore, tm);
}
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
return x509_set1_time(&x->cert_info.validity.notAfter, tm);
return ossl_x509_set1_time(&x->cert_info.validity.notAfter, tm);
}
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
@ -270,7 +270,7 @@ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
}
/* Returns 1 on success, 0 on failure */
int x509_init_sig_info(X509 *x)
int ossl_x509_init_sig_info(X509 *x)
{
return x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
}

18
crypto/x509/x509_vfy.c
View File

@ -85,7 +85,7 @@ static int null_callback(int ok, X509_STORE_CTX *e)
/*-
* Return 1 if given cert is considered self-signed, 0 if not, or -1 on error.
* This actually verifies self-signedness only if requested.
* It calls X509v3_cache_extensions()
* It calls ossl_x509v3_cache_extensions()
* to match issuer and subject names (i.e., the cert being self-issued) and any
* present authority key identifier to match the subject key identifier, etc.
*/
@ -97,7 +97,7 @@ int X509_self_signed(X509 *cert, int verify_signature)
ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
return -1;
}
if (!x509v3_cache_extensions(cert))
if (!ossl_x509v3_cache_extensions(cert))
return -1;
if ((cert->ex_flags & EXFLAG_SS) == 0)
return 0;
@ -329,7 +329,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
if (ctx->check_issued(ctx, x, issuer)
&& (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
|| !sk_X509_contains(ctx->chain, issuer))) {
if (x509_check_cert_time(ctx, issuer, -1))
if (ossl_x509_check_cert_time(ctx, issuer, -1))
return issuer;
if (rv == NULL || ASN1_TIME_compare(X509_get0_notAfter(issuer),
X509_get0_notAfter(rv)) > 0)
@ -342,7 +342,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
/* Check that the given certificate 'x' is issued by the certificate 'issuer' */
static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
{
int err = x509_likely_issued(issuer, x);
int err = ossl_x509_likely_issued(issuer, x);
if (err == X509_V_OK)
return 1;
@ -1701,7 +1701,7 @@ static int check_policy(X509_STORE_CTX *ctx)
*
* Return 1 on success, 0 otherwise.
*/
int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
int ossl_x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
{
time_t *ptime;
int i;
@ -1745,7 +1745,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
* We report the issuer as NULL because all we have is a bare key.
*/
xi = NULL;
} else if (x509_likely_issued(xi, xi) != X509_V_OK
} else if (ossl_x509_likely_issued(xi, xi) != X509_V_OK
/* exceptional case: last cert in the chain is not self-issued */
&& ((ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) == 0)) {
if (n > 0) {
@ -1804,7 +1804,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
* we are free to ignore any key usage restrictions on such certs.
*/
int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0
? X509_V_OK : x509_signing_allowed(xi, xs);
? X509_V_OK : ossl_x509_signing_allowed(xi, xs);
CB_FAIL_IF(ret != X509_V_OK, ctx, xi, issuer_depth, ret);
if ((pkey = X509_get0_pubkey(xi)) == NULL) {
@ -1818,7 +1818,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
/* in addition to RFC 5280, do also for trusted (root) cert */
/* Calls verify callback as needed */
if (!x509_check_cert_time(ctx, xs, n))
if (!ossl_x509_check_cert_time(ctx, xs, n))
return 0;
/*
@ -3287,7 +3287,7 @@ static int build_chain(X509_STORE_CTX *ctx)
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
case X509_V_ERR_CERT_HAS_EXPIRED:
return 0; /* Callback already issued by x509_check_cert_time() */
return 0; /* Callback already issued by ossl_x509_check_cert_time() */
default: /* A preliminary error has become final */
return verify_cb_cert(ctx, NULL, num - 1, ctx->error);
case X509_V_OK:

4
crypto/x509/x509cset.c
View File

@ -38,14 +38,14 @@ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
return x509_set1_time(&x->crl.lastUpdate, tm);
return ossl_x509_set1_time(&x->crl.lastUpdate, tm);
}
int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
return x509_set1_time(&x->crl.nextUpdate, tm);
return ossl_x509_set1_time(&x->crl.nextUpdate, tm);
}
int X509_CRL_sort(X509_CRL *c)

5
crypto/x509/x_crl.c
View File

@ -270,7 +270,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
X509_CRL *old = exarg;
if (!x509_crl_set0_libctx(crl, old->libctx, old->propq))
if (!ossl_x509_crl_set0_libctx(crl, old->libctx, old->propq))
return 0;
}
break;
@ -500,7 +500,8 @@ void *X509_CRL_get_meth_data(X509_CRL *crl)
return crl->meth_data;
}
int x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq)
int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx,
const char *propq)
{
if (x != NULL) {
x->libctx = libctx;

14
crypto/x509/x_pubkey.c
View File

@ -438,8 +438,8 @@ static EVP_PKEY *d2i_PUBKEY_int(EVP_PKEY **a,
}
/* For the algorithm specific d2i functions further down */
EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a,
const unsigned char **pp, long length)
EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a,
const unsigned char **pp, long length)
{
return d2i_PUBKEY_int(a, pp, length, NULL, NULL, 1, d2i_X509_PUBKEY);
}
@ -516,7 +516,7 @@ RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
const unsigned char *q;
q = *pp;
pkey = d2i_PUBKEY_legacy(NULL, &q, length);
pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
if (pkey == NULL)
return NULL;
key = EVP_PKEY_get1_RSA(pkey);
@ -557,7 +557,7 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
const unsigned char *q;
q = *pp;
pkey = d2i_PUBKEY_legacy(NULL, &q, length);
pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
if (pkey == NULL)
return NULL;
key = EVP_PKEY_get1_DSA(pkey);
@ -599,7 +599,7 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
const unsigned char *q;
q = *pp;
pkey = d2i_PUBKEY_legacy(NULL, &q, length);
pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
if (pkey == NULL)
return NULL;
key = EVP_PKEY_get1_EC_KEY(pkey);
@ -693,8 +693,8 @@ int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b)
return EVP_PKEY_eq(pA, pB);
}
int X509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
const X509_PUBKEY *key)
int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
const X509_PUBKEY *key)
{
if (plibctx)
*plibctx = key->libctx;

8
crypto/x509/x_x509.c
View File

@ -102,7 +102,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
X509 *old = exarg;
if (!x509_set0_libctx(ret, old->libctx, old->propq))
if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq))
return 0;
}
break;
@ -130,7 +130,7 @@ X509 *d2i_X509(X509 **a, const unsigned char **in, long len)
cert = (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (X509_it()));
/* Only cache the extensions if the cert object was passed in */
if (cert != NULL && a != NULL) {
if (!x509v3_cache_extensions(cert)) {
if (!ossl_x509v3_cache_extensions(cert)) {
if (free_on_error)
X509_free(cert);
cert = NULL;
@ -148,7 +148,7 @@ int i2d_X509(const X509 *a, unsigned char **out)
* asn1 object and it needs a libctx to operate.
* Use X509_new_ex() instead if possible.
*/
int x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq)
int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq)
{
if (x != NULL) {
x->libctx = libctx;
@ -168,7 +168,7 @@ X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
X509 *cert = NULL;
cert = (X509 *)ASN1_item_new((X509_it()));
if (!x509_set0_libctx(cert, libctx, propq)) {
if (!ossl_x509_set0_libctx(cert, libctx, propq)) {
X509_free(cert);
cert = NULL;
}

28
include/crypto/x509.h
View File

@ -305,29 +305,27 @@ struct x509_object_st {
};
int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc);
int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
int x509v3_cache_extensions(X509 *x);
int x509_init_sig_info(X509 *x);
int x509_check_issued_int(X509 *issuer, X509 *subject, OSSL_LIB_CTX *libctx,
const char *propq);
int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
int ossl_x509v3_cache_extensions(X509 *x);
int ossl_x509_init_sig_info(X509 *x);
int x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);
int x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq);
int x509_init_sig_info(X509 *x);
int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type, void *data,
unsigned char *md, unsigned int *len,
int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);
int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx,
const char *propq);
int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type,
void *data, unsigned char *md, unsigned int *len,
OSSL_LIB_CTX *libctx, const char *propq);
int ossl_x509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags);
int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs,
int flags);
int X509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
const X509_PUBKEY *key);
int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
const X509_PUBKEY *key);
/* Calculate default key identifier according to RFC 5280 section 4.2.1.2 (1) */
ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey);
/* A variant of d2i_PUBKEY() that is guaranteed to only return legacy keys */
EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a,
const unsigned char **in, long length);
EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a,
const unsigned char **in, long length);
#endif

2
providers/implementations/encode_decode/decode_der2key.c
View File

@ -337,7 +337,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
RESET_ERR_MARK();
derp = der;
pkey = d2i_PUBKEY_legacy(NULL, &derp, der_len);
pkey = ossl_d2i_PUBKEY_legacy(NULL, &derp, der_len);
}
if (pkey != NULL) {