From e72dbd8e13cbf5a16faaa6c911af5507593dd836 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Fri, 5 Mar 2021 08:22:56 +1000 Subject: [PATCH] Fix usages of const EVP_MD. Partially fixes #13837 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14474) --- crypto/cms/cms_sd.c | 2 +- crypto/ec/ecx_meth.c | 22 ++++++++++++++-- crypto/ess/ess_lib.c | 2 +- crypto/ts/ts_local.h | 2 ++ crypto/ts/ts_rsp_sign.c | 37 +++++++++++++++++++++----- crypto/x509/x509_cmp.c | 8 +++++- crypto/x509/x509_req.c | 2 +- crypto/x509/x_all.c | 45 ++++++++++++++++---------------- crypto/x509/x_req.c | 41 +++++++++++++++++++++++++++++ doc/build.info | 6 +++++ doc/man3/TS_RESP_CTX_new.pod | 50 ++++++++++++++++++++++++++++++++++++ doc/man3/X509_dup.pod | 1 + include/crypto/x509.h | 4 +++ include/openssl/ts.h | 1 + include/openssl/x509.h.in | 1 + util/libcrypto.num | 2 ++ 16 files changed, 192 insertions(+), 34 deletions(-) create mode 100644 doc/man3/TS_RESP_CTX_new.pod diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index a57943513e..c98d118f4b 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -372,7 +372,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, ESS_SIGNING_CERT_V2 *sc2 = NULL; int add_sc; - if (md == EVP_sha1() || md == NULL) { + if (md == NULL || EVP_MD_is_a(md, SN_sha1)) { if ((sc = ossl_ess_signing_cert_new_init(signer, NULL, 1)) == NULL) goto err; diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index d476af0e3c..d68189036b 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -991,6 +991,8 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ctx->propquery); unsigned char *privkey = NULL, *pubkey; unsigned int sz; + EVP_MD *md = NULL; + int rv; if (key == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); @@ -1008,7 +1010,13 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN) <= 0) goto err; - if (!EVP_Digest(privkey, 32, buff, &sz, EVP_sha512(), NULL)) + md = EVP_MD_fetch(ctx->libctx, "SHA512", ctx->propquery); + if (md == NULL) + goto err; + + rv = EVP_Digest(privkey, 32, buff, &sz, md, NULL); + EVP_MD_free(md); + if (!rv) goto err; buff[0] &= 248; @@ -1049,6 +1057,8 @@ static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ctx->propquery); unsigned char *privkey = NULL, *pubkey; EVP_MD_CTX *hashctx = NULL; + EVP_MD *md = NULL; + int rv; if (key == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); @@ -1069,8 +1079,16 @@ static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) hashctx = EVP_MD_CTX_new(); if (hashctx == NULL) goto err; - if (EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) != 1) + + md = EVP_MD_fetch(ctx->libctx, "SHAKE256", ctx->propquery); + if (md == NULL) goto err; + + rv = EVP_DigestInit_ex(hashctx, md, NULL); + EVP_MD_free(md); + if (rv != 1) + goto err; + if (EVP_DigestUpdate(hashctx, privkey, 57) != 1) goto err; if (EVP_DigestFinalXOF(hashctx, buff, sizeof(buff)) != 1) diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index ebc76cb79c..96cb6d053f 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -145,7 +145,7 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, if ((cid = ESS_CERT_ID_V2_new()) == NULL) goto err; - if (hash_alg != EVP_sha256()) { + if (!EVP_MD_is_a(hash_alg, SN_sha256)) { alg = X509_ALGOR_new(); if (alg == NULL) goto err; diff --git a/crypto/ts/ts_local.h b/crypto/ts/ts_local.h index 320173376a..99a420dddf 100644 --- a/crypto/ts/ts_local.h +++ b/crypto/ts/ts_local.h @@ -124,6 +124,8 @@ struct TS_resp_ctx { TS_REQ *request; TS_RESP *response; TS_TST_INFO *tst_info; + OSSL_LIB_CTX *libctx; + char *propq; }; struct TS_verify_ctx { diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 0bbe0e2b6c..e29420232f 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -108,7 +108,7 @@ static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, /* TS_RESP_CTX management functions. */ -TS_RESP_CTX *TS_RESP_CTX_new(void) +TS_RESP_CTX *TS_RESP_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq) { TS_RESP_CTX *ctx; @@ -117,8 +117,15 @@ TS_RESP_CTX *TS_RESP_CTX_new(void) return NULL; } - ctx->signer_md = EVP_sha256(); - + if (propq != NULL) { + ctx->propq = OPENSSL_strdup(propq); + if (ctx->propq == NULL) { + OPENSSL_free(ctx); + ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); + return NULL; + } + } + ctx->libctx = libctx; ctx->serial_cb = def_serial_cb; ctx->time_cb = def_time_cb; ctx->extension_cb = def_extension_cb; @@ -126,11 +133,17 @@ TS_RESP_CTX *TS_RESP_CTX_new(void) return ctx; } +TS_RESP_CTX *TS_RESP_CTX_new(void) +{ + return TS_RESP_CTX_new_ex(NULL, NULL); +} + void TS_RESP_CTX_free(TS_RESP_CTX *ctx) { if (!ctx) return; + OPENSSL_free(ctx->propq); X509_free(ctx->signer_cert); EVP_PKEY_free(ctx->signer_key); sk_X509_pop_free(ctx->certs, X509_free); @@ -623,13 +636,14 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) ASN1_OBJECT *oid; BIO *p7bio = NULL; int i; + EVP_MD *signer_md = NULL; if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) { ERR_raise(ERR_LIB_TS, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; } - if ((p7 = PKCS7_new()) == NULL) { + if ((p7 = PKCS7_new_ex(ctx->libctx, ctx->propq)) == NULL) { ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); goto err; } @@ -648,8 +662,16 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) } } + if (ctx->signer_md == NULL) + signer_md = EVP_MD_fetch(ctx->libctx, "SHA256", ctx->propq); + else if (EVP_MD_provider(ctx->signer_md) == NULL) + signer_md = EVP_MD_fetch(ctx->libctx, EVP_MD_name(ctx->signer_md), + ctx->propq); + else + signer_md = (EVP_MD *)ctx->signer_md; + if ((si = PKCS7_add_signature(p7, ctx->signer_cert, - ctx->signer_key, ctx->signer_md)) == NULL) { + ctx->signer_key, signer_md)) == NULL) { ERR_raise(ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNATURE_ERROR); goto err; } @@ -663,7 +685,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; if (ctx->ess_cert_id_digest == NULL - || ctx->ess_cert_id_digest == EVP_sha1()) { + || EVP_MD_is_a(ctx->ess_cert_id_digest, SN_sha1)) { if ((sc = ossl_ess_signing_cert_new_init(ctx->signer_cert, certs, 0)) == NULL) goto err; @@ -704,6 +726,9 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) ret = 1; err: + if (signer_md != ctx->signer_md) + EVP_MD_free(signer_md); + if (!ret) TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, "Error during signature " diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 3ced70b21f..51dc24b6fb 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -40,13 +40,18 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char md[16]; char *f; + EVP_MD *digest = NULL; if (ctx == NULL) goto err; f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); if (f == NULL) goto err; - if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) + digest = EVP_MD_fetch(a->libctx, SN_md5, a->propq); + if (digest == NULL) + goto err; + + if (!EVP_DigestInit_ex(ctx, digest, NULL)) goto err; if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) goto err; @@ -61,6 +66,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; err: + EVP_MD_free(digest); EVP_MD_CTX_free(ctx); return ret; } diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 29dec4e657..e3f5c2add1 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -26,7 +26,7 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) int i; EVP_PKEY *pktmp; - ret = X509_REQ_new(); + ret = X509_REQ_new_ex(x->libctx, x->propq); if (ret == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index d21b0799f6..c5e0c0b1ec 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -52,16 +52,15 @@ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) { - return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), - &a->sig_algor, a->signature, a->spkac, r)); + return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), + &a->sig_algor, a->signature, a->spkac, r); } int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { x->cert_info.enc.modified = 1; - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, - &x->sig_alg, &x->signature, &x->cert_info, pkey, - md)); + return ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, + &x->sig_alg, &x->signature, &x->cert_info, pkey, md); } int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) @@ -90,8 +89,8 @@ X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) { - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, - x->signature, &x->req_info, pkey, md)); + return ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, + x->signature, &x->req_info, pkey, md); } int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) @@ -104,8 +103,8 @@ int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) { x->crl.enc.modified = 1; - return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, - &x->sig_alg, &x->signature, &x->crl, pkey, md)); + return ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, + &x->sig_alg, &x->signature, &x->crl, pkey, md); } int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) @@ -124,8 +123,8 @@ X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) { - return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, - x->signature, x->spkac, pkey, md)); + return ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, + x->signature, x->spkac, pkey, md); } #ifndef OPENSSL_NO_STDIO @@ -399,8 +398,8 @@ int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data, memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash)); return 1; } - return (ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert, - data, len, cert->libctx, cert->propq)); + return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert, + data, len, cert->libctx, cert->propq); } /* calculate cert digest using the same hash algorithm as in its signature */ @@ -435,7 +434,9 @@ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert) int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { - if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0 + if (type != NULL + && EVP_MD_is_a(type, SN_sha1) + && (data->flags & EXFLAG_SET) != 0 && (data->flags & EXFLAG_NO_FINGERPRINT) == 0) { /* Asking for SHA1; always computed in CRL d2i. */ if (len != NULL) @@ -443,30 +444,30 @@ int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); return 1; } - return (ASN1_item_digest - (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); + return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type, (char *)data, + md, len, data->libctx, data->propq); } int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { - return (ASN1_item_digest - (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len)); + return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_REQ), type, (char *)data, + md, len, data->libctx, data->propq); } int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { - return (ASN1_item_digest - (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len)); + return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data, + md, len); } int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { - return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, - (char *)data, md, len)); + return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, + (char *)data, md, len); } #ifndef OPENSSL_NO_STDIO diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c index e821ffdb78..2a48d8ccd9 100644 --- a/crypto/x509/x_req.c +++ b/crypto/x509/x_req.c @@ -61,6 +61,14 @@ static int req_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, case ASN1_OP_FREE_POST: ASN1_OCTET_STRING_free(ret->distinguishing_id); break; + case ASN1_OP_DUP_POST: + { + X509_REQ *old = exarg; + + if (!ossl_x509_req_set0_libctx(ret, old->libctx, old->propq)) + return 0; + } + break; } return 1; @@ -98,3 +106,36 @@ ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x) { return x->distinguishing_id; } + +/* + * This should only be used if the X509_REQ object was embedded inside another + * asn1 object and it needs a libctx to operate. + * Use X509_REQ_new_ex() instead if possible. + */ +int ossl_x509_req_set0_libctx(X509_REQ *x, OSSL_LIB_CTX *libctx, + const char *propq) +{ + if (x != NULL) { + x->libctx = libctx; + OPENSSL_free(x->propq); + x->propq = NULL; + if (propq != NULL) { + x->propq = OPENSSL_strdup(propq); + if (x->propq == NULL) + return 0; + } + } + return 1; +} + +X509_REQ *X509_REQ_new_ex(OSSL_LIB_CTX *libctx, const char *propq) +{ + X509_REQ *req = NULL; + + req = (X509_REQ *)ASN1_item_new((X509_REQ_it())); + if (!ossl_x509_req_set0_libctx(req, libctx, propq)) { + X509_REQ_free(req); + req = NULL; + } + return req; +} diff --git a/doc/build.info b/doc/build.info index 95627bed4d..8294725dd2 100644 --- a/doc/build.info +++ b/doc/build.info @@ -2502,6 +2502,10 @@ DEPEND[html/man3/SSL_write.html]=man3/SSL_write.pod GENERATE[html/man3/SSL_write.html]=man3/SSL_write.pod DEPEND[man/man3/SSL_write.3]=man3/SSL_write.pod GENERATE[man/man3/SSL_write.3]=man3/SSL_write.pod +DEPEND[html/man3/TS_RESP_CTX_new.html]=man3/TS_RESP_CTX_new.pod +GENERATE[html/man3/TS_RESP_CTX_new.html]=man3/TS_RESP_CTX_new.pod +DEPEND[man/man3/TS_RESP_CTX_new.3]=man3/TS_RESP_CTX_new.pod +GENERATE[man/man3/TS_RESP_CTX_new.3]=man3/TS_RESP_CTX_new.pod DEPEND[html/man3/TS_VERIFY_CTX_set_certs.html]=man3/TS_VERIFY_CTX_set_certs.pod GENERATE[html/man3/TS_VERIFY_CTX_set_certs.html]=man3/TS_VERIFY_CTX_set_certs.pod DEPEND[man/man3/TS_VERIFY_CTX_set_certs.3]=man3/TS_VERIFY_CTX_set_certs.pod @@ -3263,6 +3267,7 @@ html/man3/SSL_shutdown.html \ html/man3/SSL_state_string.html \ html/man3/SSL_want.html \ html/man3/SSL_write.html \ +html/man3/TS_RESP_CTX_new.html \ html/man3/TS_VERIFY_CTX_set_certs.html \ html/man3/UI_STRING.html \ html/man3/UI_UTIL_read_pw.html \ @@ -3835,6 +3840,7 @@ man/man3/SSL_shutdown.3 \ man/man3/SSL_state_string.3 \ man/man3/SSL_want.3 \ man/man3/SSL_write.3 \ +man/man3/TS_RESP_CTX_new.3 \ man/man3/TS_VERIFY_CTX_set_certs.3 \ man/man3/UI_STRING.3 \ man/man3/UI_UTIL_read_pw.3 \ diff --git a/doc/man3/TS_RESP_CTX_new.pod b/doc/man3/TS_RESP_CTX_new.pod new file mode 100644 index 0000000000..659946bf20 --- /dev/null +++ b/doc/man3/TS_RESP_CTX_new.pod @@ -0,0 +1,50 @@ +=pod + +=head1 NAME + +TS_RESP_CTX_new_ex, TS_RESP_CTX_new, +TS_RESP_CTX_free - Timestamp response context object creation + + +=head1 SYNOPSIS + + #include + + TS_RESP_CTX *TS_RESP_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); + TS_RESP_CTX *TS_RESP_CTX_new(void); + void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +=head1 DESCRIPTION + +Creates a response context that can be used for generating responses. + +TS_RESP_CTX_new_ex() allocates and initializes a TS_RESP_CTX structure with a +library context of I and a property query of I. +The library context and property query can be used to select which providers +supply the fetched algorithms. + +TS_RESP_CTX_new() is similar to TS_RESP_CTX_new_ex() but sets the library context +and property query to NULL. This results in the default (NULL) library context +being used for any operations requiring algorithm fetches. + +TS_RESP_CTX_free() frees the B object I. + +=head1 RETURN VALUES + +If the allocation fails, TS_RESP_CTX_new_ex() and TS_RESP_CTX_new() return NULL, +otherwise it returns a pointer to the newly allocated structure. + +=head1 HISTORY + +The function TS_RESP_CTX_new_ex() was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index d3e164a6e0..5bf96bb575 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -288,6 +288,7 @@ X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, +X509_REQ_new_ex, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 09b1fb15e3..3ff903541f 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -81,6 +81,8 @@ struct X509_req_st { /* Set on live certificates for authentication purposes */ ASN1_OCTET_STRING *distinguishing_id; + OSSL_LIB_CTX *libctx; + char *propq; }; struct X509_crl_info_st { @@ -314,6 +316,8 @@ int ossl_x509_init_sig_info(X509 *x); int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq); int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq); +int ossl_x509_req_set0_libctx(X509_REQ *x, OSSL_LIB_CTX *libctx, + const char *propq); int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type, void *data, unsigned char *md, unsigned int *len, OSSL_LIB_CTX *libctx, const char *propq); diff --git a/include/openssl/ts.h b/include/openssl/ts.h index e88ad44cfd..2269573dcf 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -266,6 +266,7 @@ typedef struct TS_resp_ctx TS_RESP_CTX; /* Creates a response context that can be used for generating responses. */ TS_RESP_CTX *TS_RESP_CTX_new(void); +TS_RESP_CTX *TS_RESP_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); void TS_RESP_CTX_free(TS_RESP_CTX *ctx); /* This parameter must be set. */ diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 32aea0e0db..50d8712e41 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in @@ -579,6 +579,7 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) DECLARE_ASN1_FUNCTIONS(X509_REQ) +X509_REQ *X509_REQ_new_ex(OSSL_LIB_CTX *libctx, const char *propq); DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); diff --git a/util/libcrypto.num b/util/libcrypto.num index 523971f1f4..3fd52714bc 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5328,3 +5328,5 @@ EVP_PKEY_derive_init_ex ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_print_public_fp ? 3_0_0 EXIST::FUNCTION:STDIO EVP_PKEY_print_private_fp ? 3_0_0 EXIST::FUNCTION:STDIO EVP_PKEY_print_params_fp ? 3_0_0 EXIST::FUNCTION:STDIO +TS_RESP_CTX_new_ex ? 3_0_0 EXIST::FUNCTION:TS +X509_REQ_new_ex ? 3_0_0 EXIST::FUNCTION: