author | Dr. Stephen Henson <steve@openssl.org> | 2015-09-02 22:01:18 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-09-06 00:17:37 +0100 |
commit | a8d8e06b0ac06c421fd11cc1772126dcb98f79ae (patch) | |
tree | 14775147addd9c7785f12bc00db95c1a4a96d566 /apps | |
parent | f728254a840bf7fdd2252fe09e11a0e99c7df1d4 (diff) | |
download | openssl-a8d8e06b0ac06c421fd11cc1772126dcb98f79ae.tar.gz |
Avoid direct X509 structure access
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/ca.c | 23 | ||||
-rw-r--r-- | apps/x509.c | 9 |
2 files changed, 13 insertions, 19 deletions
@@ -1052,13 +1052,14 @@ end_of_options:
 if (verbose)
 BIO_printf(bio_err, "writing new certificates\n");
 for (i = 0; i < sk_X509_num(cert_sk); i++) {
+ ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
 int k;
 char *n;
 x = sk_X509_value(cert_sk, i);
- j = x->cert_info->serialNumber->length;
- p = (const char *)x->cert_info->serialNumber->data;
+ j = ASN1_STRING_length(serialNumber);
+ p = (const char *)ASN1_STRING_data(serialNumber);
 if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
 BIO_printf(bio_err, "certificate file name too long\n");
@@ -1450,7 +1451,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 ASN1_STRING *str, *str2;
 ASN1_OBJECT *obj;
 X509 *ret = NULL;
- X509_CINF *ci;
 X509_NAME_ENTRY *ne;
 X509_NAME_ENTRY *tne, *push;
 EVP_PKEY *pktmp;
@@ -1546,7 +1546,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 if (selfsign)
 CAname = X509_NAME_dup(name);
 else
- CAname = X509_NAME_dup(x509->cert_info->subject);
+ CAname = X509_NAME_dup(X509_get_subject_name(x509));
 if (CAname == NULL)
 goto end;
 str = str2 = NULL;
@@ -1755,7 +1755,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 if ((ret = X509_new()) == NULL)
 goto end;
- ci = ret->cert_info;
 #ifdef X509_V3
 /* Make it an X509 v3 certificate. */
@@ -1763,7 +1762,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 goto end;
 #endif
- if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL)
+ if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
 goto end;
 if (selfsign) {
 if (!X509_set_issuer_name(ret, subject))
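Review bot: In the `@@ -1052` hunk of apps/ca.c, `serialNumber` is initialised from `X509_get_serialNumber(x)` at the top of the loop body, before `x = sk_X509_value(cert_sk, i);` selects this iteration's certificate. As written, `j` and `p` describe whatever `x` held on entry to the iteration (the previous certificate, or the value left before the loop, which is not visible here and may be NULL), so the length check and the file name derived from the serial would not belong to the certificate being written. Declare the pointer without an initialiser and add `serialNumber = X509_get_serialNumber(x);` directly after `x = sk_X509_value(cert_sk, i);`. The loop body continues past the end of the hunk, so how `j` and `p` are used after the length check is inferred rather than shown.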
@@ -1799,17 +1798,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 /* Lets add the extensions, if there are any */
 if (ext_sect) {
 X509V3_CTX ctx;
- if (ci->version == NULL)
- if ((ci->version = ASN1_INTEGER_new()) == NULL)
- goto end;
- ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
-
- /*
- * Free the current entries if any, there should not be any I believe
- */
- sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
-
- ci->extensions = NULL;
+ X509_set_version(ret, 2);
 /* Initialize the context structure */
 if (selfsign)
diff --git a/apps/x509.c b/apps/x509.c
index 6b41a7501a..acce9e9ddd 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -894,8 +894,13 @@ int x509_main(int argc, char **argv)
 goto end;
 }
- if (badsig)
- x->signature->data[x->signature->length - 1] ^= 0x1;
+ if (badsig) {
+ ASN1_BIT_STRING *signature;
+ unsigned char *s;
+ X509_get0_signature(&signature, NULL, x);
+ s = ASN1_STRING_data(signature);
+ s[ASN1_STRING_length(signature) - 1] ^= 0x1;
+ }
 if (outformat == FORMAT_ASN1)
 i = i2d_X509_bio(out, x); |
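Review bot: In the `@@ -1799` hunk of apps/ca.c, the result of `X509_set_version(ret, 2)` is discarded, whereas the removed code jumped to `end` when allocating the version field failed. If the setter fails, do_body would carry on adding extensions to a certificate that is not marked as v3. Keep the failure path with `if (!X509_set_version(ret, 2)) goto end;`. The removed lines also cleared `ci->extensions`; dropping that looks safe because `ret` comes from `X509_new()` in an earlier hunk, but the code between the two hunks is not shown.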
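Review bot: In apps/x509.c, the new `badsig` block writes `s[ASN1_STRING_length(signature) - 1]` without checking that the signature holds any bytes; for an empty signature the index is -1 and the write lands before the buffer, or goes through a NULL `s`. The removed one-liner had the same gap, and the accessor form makes it easy to close. Guard the flip, for example `if (s != NULL && ASN1_STRING_length(signature) > 0) s[ASN1_STRING_length(signature) - 1] ^= 0x1;`. Whether `x` can reach this point with an empty signature depends on parts of x509_main outside the hunk.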