Embed various signature algorithms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-09-17 14:44:19 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2015-09-17 17:18:59 +0100
commit: 6e63c142f269c738e3820203ecec6fe74ad4efa0 (patch)
tree: bd0dbaccea262cbcf7379b5cb5d5745e94360901 /crypto
parent: 568b80206a0a59e4e33abf569b9bef5f8564b36b (diff)
13 files changed, 38 insertions, 39 deletions
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
index 51841c05c9..a76e1125e8 100644
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -94,8 +94,8 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
     BIO_printf(out, "Certificate Revocation List (CRL):\n");
     l = X509_CRL_get_version(x);
     BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
-    i = OBJ_obj2nid(x->sig_alg->algorithm);
-    X509_signature_print(out, x->sig_alg, NULL);
+    i = OBJ_obj2nid(x->sig_alg.algorithm);
+    X509_signature_print(out, &x->sig_alg, NULL);
     p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
     BIO_printf(out, "%8sIssuer: %s\n", "", p);
     OPENSSL_free(p);
@@ -127,7 +127,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
         X509V3_extensions_print(out, "CRL entry extensions",
                                 r->extensions, 0, 8);
     }
-    X509_signature_print(out, x->sig_alg, x->signature);
+    X509_signature_print(out, &x->sig_alg, x->signature);
 
     return 1;
 
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index d9966a3848..8ea350d7a3 100644
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -227,7 +227,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
     }
 
     if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
-        if (!X509_signature_print(bp, x->sig_alg, x->signature))
+        if (!X509_signature_print(bp, &x->sig_alg, x->signature))
             goto err;
     }
 
diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
index 46914f900f..c49f1c7dd2 100644
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -91,7 +91,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
     chal = spki->spkac->challenge;
     if (chal->length)
         BIO_printf(out, "  Challenge String: %s\n", chal->data);
-    i = OBJ_obj2nid(spki->sig_algor->algorithm);
+    i = OBJ_obj2nid(spki->sig_algor.algorithm);
     BIO_printf(out, "  Signature Algorithm: %s",
                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
 
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index cebf441363..17afeb92a4 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -170,7 +170,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
     }
 
     if (!(cflag & X509_FLAG_NO_SIGNAME)) {
-        if (X509_signature_print(bp, ci->signature, NULL) <= 0)
+        if (X509_signature_print(bp, &ci->signature, NULL) <= 0)
             goto err;
     }
 
@@ -246,7 +246,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
                                 ci->extensions, cflag, 8);
 
     if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
-        if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
+        if (X509_signature_print(bp, &x->sig_alg, x->signature) <= 0)
             goto err;
     }
     if (!(cflag & X509_FLAG_NO_AUX)) {
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 14ba3273b5..36b5177c8f 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -115,7 +115,7 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
         ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR),
         ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
         ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
         ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
@@ -332,7 +332,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
 
 ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
         ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
-        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR),
         ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
 
@@ -394,7 +394,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
 {
     return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                             crl->sig_alg, crl->signature, &crl->crl, r));
+                             &crl->sig_alg, crl->signature, &crl->crl, r));
 }
 
 static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c
index bd07d72627..b2d14e7223 100644
--- a/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
@@ -108,7 +108,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
 
 ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
         ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO),
-        ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR),
         ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
 
diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c
index 88625655f1..a2b20fbba7 100644
--- a/crypto/asn1/x_spki.c
+++ b/crypto/asn1/x_spki.c
@@ -75,7 +75,7 @@ IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 
 ASN1_SEQUENCE(NETSCAPE_SPKI) = {
         ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
-        ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
         ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END(NETSCAPE_SPKI)
 
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 76dfa35796..112e63c4b6 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -66,7 +66,7 @@
 ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
         ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
         ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+        ASN1_EMBED(X509_CINF, signature, X509_ALGOR),
         ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
         ASN1_EMBED(X509_CINF, validity, X509_VAL),
         ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
@@ -133,7 +133,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
         ASN1_EMBED(X509, cert_info, X509_CINF),
-        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509, sig_alg, X509_ALGOR),
         ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509, X509)
 
@@ -213,16 +213,15 @@ int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
     return i2d_X509_CINF(&x->cert_info, pp);
 }
 
-void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
-                         const X509 *x)
+void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x)
 {
     if (psig)
         *psig = x->signature;
     if (palg)
-        *palg = x->sig_alg;
+        *palg = &x->sig_alg;
 }
 
 int X509_get_signature_nid(const X509 *x)
 {
-    return OBJ_obj2nid(x->sig_alg->algorithm);
+    return OBJ_obj2nid(x->sig_alg.algorithm);
 }
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 96c15e3c90..d9147aea3b 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -101,14 +101,14 @@ struct X509_req_info_st {
 
 struct X509_req_st {
     X509_REQ_INFO req_info;
-    X509_ALGOR *sig_alg;
+    X509_ALGOR sig_alg;
     ASN1_BIT_STRING *signature;
     int references;
 };
 
 struct X509_crl_info_st {
     ASN1_INTEGER *version;
-    X509_ALGOR *sig_alg;
+    X509_ALGOR sig_alg;
     X509_NAME *issuer;
     ASN1_TIME *lastUpdate;
     ASN1_TIME *nextUpdate;
@@ -120,7 +120,7 @@ struct X509_crl_info_st {
 struct X509_crl_st {
     /* actual signature */
     X509_CRL_INFO crl;
-    X509_ALGOR *sig_alg;
+    X509_ALGOR sig_alg;
     ASN1_BIT_STRING *signature;
     int references;
     int flags;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 6f8199b6b4..1e469f92db 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -456,7 +456,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
     int sign_nid;
     if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
         return X509_V_OK;
-    sign_nid = OBJ_obj2nid(crl->crl.sig_alg->algorithm);
+    sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm);
     return check_suite_b(pk, sign_nid, &flags);
 }
 
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index b5209f23cd..1284bcb3db 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -173,7 +173,7 @@ ASN1_TIME *X509_get_notAfter(X509 *x)
 
 int X509_get_signature_type(const X509 *x)
 {
-    return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg->algorithm));
+    return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm));
 }
 
 X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index e89dbc7397..6215cf0123 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -164,12 +164,12 @@ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
 }
 
 void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
-                             const X509_CRL *crl)
+                             X509_CRL *crl)
 {
     if (psig)
         *psig = crl->signature;
     if (palg)
-        *palg = crl->sig_alg;
+        *palg = &crl->sig_alg;
 }
 
 int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index b7f6be13bc..1db66f6f61 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -74,37 +74,37 @@
 
 int X509_verify(X509 *a, EVP_PKEY *r)
 {
-    if (X509_ALGOR_cmp(a->sig_alg, a->cert_info.signature))
+    if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
         return 0;
-    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
                              a->signature, &a->cert_info, r));
 }
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 {
     return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
-                             a->sig_alg, a->signature, &a->req_info, r));
+                             &a->sig_alg, a->signature, &a->req_info, r));
 }
 
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 {
     return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
-                             a->sig_algor, a->signature, a->spkac, r));
+                             &a->sig_algor, a->signature, a->spkac, r));
 }
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
     x->cert_info.enc.modified = 1;
-    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info.signature,
-                           x->sig_alg, x->signature, &x->cert_info, pkey, md));
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
+                           &x->sig_alg, x->signature, &x->cert_info, pkey, md));
 }
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
 {
     x->cert_info.enc.modified = 1;
     return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
-                              x->cert_info.signature,
-                              x->sig_alg, x->signature, &x->cert_info, ctx);
+                              &x->cert_info.signature,
+                              &x->sig_alg, x->signature, &x->cert_info, ctx);
 }
 
 int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
@@ -115,29 +115,29 @@ int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
 
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
-    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL,
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
                            x->signature, &x->req_info, pkey, md));
 }
 
 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
 {
     return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
-                              x->sig_alg, NULL, x->signature, &x->req_info,
+                              &x->sig_alg, NULL, x->signature, &x->req_info,
                               ctx);
 }
 
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
     x->crl.enc.modified = 1;
-    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl.sig_alg,
-                           x->sig_alg, x->signature, &x->crl, pkey, md));
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
+                           &x->sig_alg, x->signature, &x->crl, pkey, md));
 }
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
 {
     x->crl.enc.modified = 1;
     return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
-                              x->crl.sig_alg, x->sig_alg, x->signature,
+                              &x->crl.sig_alg, &x->sig_alg, x->signature,
                               &x->crl, ctx);
 }
 
@@ -150,7 +150,7 @@ int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
 
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
-    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
+    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
                            x->signature, x->spkac, pkey, md));
 }
author	Dr. Stephen Henson <steve@openssl.org>	2015-09-17 14:44:19 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-09-17 17:18:59 +0100
commit	6e63c142f269c738e3820203ecec6fe74ad4efa0 (patch)
tree	bd0dbaccea262cbcf7379b5cb5d5745e94360901 /crypto
parent	568b80206a0a59e4e33abf569b9bef5f8564b36b (diff)