From: Gibeom Gwon Date: Sat, 27 Aug 2022 13:29:28 +0000 (+0900) Subject: X509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful X-Git-Tag: openssl-3.2.0-alpha1~2106 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9249a34b076df9a9d55ab74ab465d336980cae6a;p=thirdparty%2Fopenssl.git X509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/19090)
---
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index dd3d9321da5..e1c51f904f5 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -59,18 +59,26 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
- x->cert_info.enc.modified = 1;
- return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
- &x->sig_alg, &x->signature, &x->cert_info, NULL,
- pkey, md, x->libctx, x->propq);
+ int ret = 0;
+
+ ret = ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
+ &x->sig_alg, &x->signature, &x->cert_info, NULL,
+ pkey, md, x->libctx, x->propq);
+ if (ret > 0)
+ x->cert_info.enc.modified = 1;
+ return ret;
 }
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
 {
- x->cert_info.enc.modified = 1;
- return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
- &x->cert_info.signature,
- &x->sig_alg, &x->signature, &x->cert_info, ctx);
+ int ret = 0;
+
+ ret = ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+ &x->cert_info.signature,
+ &x->sig_alg, &x->signature, &x->cert_info, ctx);
+ if (ret > 0)
+ x->cert_info.enc.modified = 1;
+ return ret;
 }
 
 static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
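Review bot: Moving `x->cert_info.enc.modified = 1` from before the signing call to after it, in `X509_sign` and `X509_sign_ctx`, means the call now runs with whatever flag value the object already carried. If the signing routine serialises `cert_info` through a cached encoding when the flag is clear (not visible in this hunk), an object whose fields were changed by code that never set the flag would receive a signature over the old bytes; the same applies to `X509_REQ_sign{,_ctx}` and `X509_CRL_sign{,_ctx}` in the second hunk. Stating the precondition at the call, for example `/* callers that changed cert_info must already have set enc.modified */`, and adding a test that parses, modifies, re-signs and then verifies each object type would pin this down. The failure path also deserves a look: the call receives `&x->cert_info.signature`, a member of the structure being signed, so a call that wrote that field and then failed would return with the flag left unset.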
@@ -95,34 +103,50 @@ X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
 
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
- x->req_info.enc.modified = 1;
- return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
- x->signature, &x->req_info, NULL,
- pkey, md, x->libctx, x->propq);
+ int ret = 0;
+
+ ret = ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
+ x->signature, &x->req_info, NULL,
+ pkey, md, x->libctx, x->propq);
+ if (ret > 0)
+ x->req_info.enc.modified = 1;
+ return ret;
 }
 
 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
 {
- x->req_info.enc.modified = 1;
- return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
- &x->sig_alg, NULL, x->signature, &x->req_info,
- ctx);
+ int ret = 0;
+
+ ret = ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+ &x->sig_alg, NULL, x->signature, &x->req_info,
+ ctx);
+ if (ret > 0)
+ x->req_info.enc.modified = 1;
+ return ret;
 }
 
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
- x->crl.enc.modified = 1;
- return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
- &x->sig_alg, &x->signature, &x->crl, NULL,
- pkey, md, x->libctx, x->propq);
+ int ret = 0;
+
+ ret = ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
+ &x->sig_alg, &x->signature, &x->crl, NULL,
+ pkey, md, x->libctx, x->propq);
+ if (ret > 0)
+ x->crl.enc.modified = 1;
+ return ret;
 }
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
 {
- x->crl.enc.modified = 1;
- return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
- &x->crl.sig_alg, &x->sig_alg, &x->signature,
- &x->crl, ctx);
+ int ret = 0;
+
+ ret = ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+ &x->crl.sig_alg, &x->sig_alg, &x->signature,
+ &x->crl, ctx);
+ if (ret > 0)
+ x->crl.enc.modified = 1;
+ return ret;
 }
 
 X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
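Review bot: None of the four rewritten functions here records why the flag is now set only when `ret > 0`, so a later tidy-up could move it back in front of the call without anyone noticing the behaviour change. A short comment above each `if`, for instance `/* flag the object as modified only once the new signature is in place */`, would keep the intent next to the code. The initialiser in `int ret = 0;` is also dead because `ret` is assigned by the very next statement; a plain `int ret;` is enough. Both remarks apply equally to `X509_sign` and `X509_sign_ctx` in the first hunk.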