From 124055a96e8533735b32e6af0fa7913c100ffad2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 31 Aug 2015 12:58:07 +0100 Subject: [PATCH] make X509_REQ opaque Reviewed-by: Rich Salz --- apps/ca.c | 5 +---- apps/req.c | 2 -- apps/x509.c | 13 ++----------- crypto/asn1/t_req.c | 1 + crypto/asn1/x_req.c | 1 + crypto/include/internal/x509_int.h | 16 ++++++++++++++++ crypto/x509/x509_r2x.c | 1 + crypto/x509/x509_req.c | 11 +++++++++++ crypto/x509/x509rset.c | 4 ++++ crypto/x509/x_all.c | 1 + crypto/x509v3/v3_skey.c | 1 + crypto/x509v3/v3_utl.c | 1 + include/openssl/x509.h | 20 ++++---------------- 13 files changed, 44 insertions(+), 33 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 0a8d7b741..b93cff561 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1479,7 +1479,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto end; } X509_REQ_set_subject_name(req, n); - req->req_info->enc.modified = 1; X509_NAME_free(n); } @@ -1993,7 +1992,6 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509_REQ *req = NULL; CONF_VALUE *cv = NULL; NETSCAPE_SPKI *spki = NULL; - X509_REQ_INFO *ri; char *type, *buf; EVP_PKEY *pktmp = NULL; X509_NAME *n = NULL; @@ -2037,8 +2035,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, /* * Build up the subject name set. */ - ri = req->req_info; - n = ri->subject; + n = X509_REQ_get_subject_name(req); for (i = 0;; i++) { if (sk_CONF_VALUE_num(sk) <= i) diff --git a/apps/req.c b/apps/req.c index 9b017aa7b..59cc6b466 100644 --- a/apps/req.c +++ b/apps/req.c @@ -726,8 +726,6 @@ int req_main(int argc, char **argv) goto end; } - req->req_info->enc.modified = 1; - if (verbose) { print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag); diff --git a/apps/x509.c b/apps/x509.c index 2fd92f4dc..6b41a7501 100644 --- a/apps/x509.c +++ b/apps/x509.c 
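Review bot: Dropping `req->req_info->enc.modified = 1;` after the X509_REQ_set_subject_name call in do_body is only correct because this same patch makes X509_REQ_set_subject_name set the flag itself (the x509rset.c hunk); the two changes are coupled, and a backport that takes one without the other would sign a stale cached encoding, so the commit message should state the dependency. The identical removal in the apps/req.c hunk sits after code that is outside the hunk, so it is worth confirming that path also modifies the request through one of the X509_REQ_set_* setters rather than editing the X509_NAME in place. do_body's body continues outside the hunk.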
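Review bot: `n = X509_REQ_get_subject_name(req);` in certify_spkac hands back the request's internal X509_NAME, and the loop that follows (outside the hunk) appears to build the subject by adding entries to that pointer directly; unlike the X509_REQ_set_* setters this patch instruments, in-place edits through the getter do not set `enc.modified`, so a cached encoding could be reused if the request were ever re-encoded afterwards. If this is acceptable because the request only serves as a source of fields for the certificate being issued, a one-line comment would save the next reader the same check, e.g. `/* edits the subject in place; req is not re-encoded, so enc.modified is not needed here */`. certify_spkac continues outside the hunk.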
@@ -567,15 +567,6 @@ int x509_main(int argc, char **argv) goto end; } - if ((req->req_info == NULL) || - (req->req_info->pubkey == NULL) || - (req->req_info->pubkey->public_key == NULL) || - (req->req_info->pubkey->public_key->data == NULL)) { - BIO_printf(bio_err, - "The certificate request appears to corrupted\n"); - BIO_printf(bio_err, "It does not contain a public key\n"); - goto end; - } if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto end; @@ -611,9 +602,9 @@ int x509_main(int argc, char **argv) } else if (!X509_set_serialNumber(x, sno)) goto end; - if (!X509_set_issuer_name(x, req->req_info->subject)) + if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) goto end; - if (!X509_set_subject_name(x, req->req_info->subject)) + if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req))) goto end; X509_gmtime_adj(X509_get_notBefore(x), 0); diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index fd8302333..7d72e0a26 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -62,6 +62,7 @@ #include #include #include +#include "internal/x509_int.h" #include #ifndef OPENSSL_NO_RSA # include diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c index 1679a5607..102b1f633 100644 --- a/crypto/asn1/x_req.c +++ b/crypto/asn1/x_req.c @@ -60,6 +60,7 @@ #include "internal/cryptlib.h" #include #include +#include "internal/x509_int.h" /*- * X509_REQ_INFO is handled in an unusual way to get round diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index 644b27d40..70abb2cd4 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h 
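Review bot: The removed block was the only code that distinguished a request carrying no public key from one whose key fails to decode; with it gone, the `X509_REQ_get_pubkey(req) == NULL` branch reports "error unpacking public key" for both cases. The accessor-only code can no longer inspect req_info, so the useful substitute is to dump the error queue right after the message, e.g. `ERR_print_errors(bio_err);`, unless the end: label (outside the hunk) already does so on the failure path. x509_main continues outside the hunk on both sides.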
@@ -89,3 +89,19 @@ struct x509_cert_aux_st {
 ASN1_OCTET_STRING *keyid; /* key id of private key */
 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
 };
+
+struct X509_req_info_st {
+ ASN1_ENCODING enc;
+ ASN1_INTEGER *version;
+ X509_NAME *subject;
+ X509_PUBKEY *pubkey;
+ /* d=2 hl=2 l= 0 cons: cont: 00 */
+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+};
+
+struct X509_req_st {
+ X509_REQ_INFO *req_info;
+ X509_ALGOR *sig_alg;
+ ASN1_BIT_STRING *signature;
+ int references;
+};
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index d9c3cfd42..abf75cdb7 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -62,6 +62,7 @@
 #include
 #include
 #include
+#include "internal/x509_int.h"
 #include
 #include
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index b6c46980a..70e27b830 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -63,6 +63,7 @@
 #include
 #include
 #include
+#include "internal/x509_int.h"
 #include
 #include
 #include
@@ -303,3 +304,13 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
 return 1;
 return 0;
 }
+
+long X509_REQ_get_version(X509_REQ *req)
+{
+ return ASN1_INTEGER_get(req->req_info->version);
+}
+
+X509_NAME *X509_REQ_get_subject_name(X509_REQ *req)
+{
+ return req->req_info->subject;
+}
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
index cafaf7560..cf9bdfb3e 100644
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -62,11 +62,13 @@
 #include
 #include
 #include
+#include "internal/x509_int.h"
 int X509_REQ_set_version(X509_REQ *x, long version)
 {
 if (x == NULL)
 return (0);
+ x->req_info->enc.modified = 1;
 return (ASN1_INTEGER_set(x->req_info->version, version));
 }
@@ -74,6 +76,7 @@ int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
 {
 if ((x == NULL) || (x->req_info == NULL))
 return (0);
+ x->req_info->enc.modified = 1;
 return (X509_NAME_set(&x->req_info->subject, name));
 }
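Review bot: The `/* d=2 hl=2 l= 0 cons: cont: 00 */` comment moved onto the attributes field of struct X509_req_info_st is an asn1parse dump line rather than a description, and `/* [ 0 ] */` on the same field is the only hint of what the tag is; since the struct is now being hidden in a private header, this is the moment to replace both with something a maintainer can use, e.g. `/* [0] PKCS#10 CertificationRequestInfo attributes */`. `int references` in struct X509_req_st is likewise moved without a word on which lock or atomic discipline protects it; a one-line comment naming it would help now that the field is no longer visible to callers.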
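Review bot: The two new accessors in x509_req.c dereference `req->req_info` with no NULL check, while the setters they are paired with in x509rset.c guard `x == NULL || x->req_info == NULL`; the macros they replace were equally unguarded, but a function is where callers will expect the module's usual contract, so either add the same guard (returning 0 and NULL respectively) or document that `req` must be a fully decoded request. Both take a non-const `X509_REQ *` although neither writes through it; `const X509_REQ *req` in these definitions and in the matching x509.h declarations (last hunk of the patch) would let callers holding const handles use them. A comment on X509_REQ_get_subject_name stating that the returned X509_NAME is owned by the request and must not be freed also belongs here, since it replaces a macro whose expansion made that ownership obvious.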
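Review bot: X509_REQ_set_version now writes `x->req_info->enc.modified = 1;` after checking only `x == NULL`, whereas the neighbouring X509_REQ_set_subject_name and X509_REQ_set_pubkey also check `x->req_info`; change the guard to `if (x == NULL || x->req_info == NULL) return 0;` so the three setters fail the same way. Setting the flag before the underlying set call is the safe order: a failed ASN1_INTEGER_set still invalidates the cached encoding rather than leaving a stale one, and the other two setters use the same order, so that part needs no change.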
@@ -81,5 +84,6 @@ int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
 {
 if ((x == NULL) || (x->req_info == NULL))
 return (0);
+ x->req_info->enc.modified = 1;
 return (X509_PUBKEY_set(&x->req_info->pubkey, pkey));
 }
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index a7ad14879..591a95188 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -63,6 +63,7 @@
 #include
 #include
 #include
+#include "internal/x509_int.h"
 #include
 #ifndef OPENSSL_NO_RSA
 # include
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index c0c71c088..a1167cc2f 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -60,6 +60,7 @@
 #include
 #include "internal/cryptlib.h"
 #include
+#include "internal/x509_int.h"
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index cd8aff291..15029f9ba 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -63,6 +63,7 @@
 #include "internal/cryptlib.h"
 #include
 #include
+#include "internal/x509_int.h"
 #include
 static char *strip_spaces(char *name);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index ab8abcaf7..dc96a2bf9 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -508,8 +496,6 @@ extern "C" {
 # define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
 # define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
 # define X509_extract_key(x) X509_get_pubkey(x)/*****/
-# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-# define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
 # define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
 # define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
 # define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
@@ -816,7 +802,9 @@ EVP_PKEY *X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
 int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
+long X509_REQ_get_version(X509_REQ *req);
 int X509_REQ_set_version(X509_REQ *x, long version);
+X509_NAME *X509_REQ_get_subject_name(X509_REQ *req);
 int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);