diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-09-02 22:01:18 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-09-06 00:17:37 +0100 |
commit | a8d8e06b0ac06c421fd11cc1772126dcb98f79ae (patch) | |
tree | 14775147addd9c7785f12bc00db95c1a4a96d566 /crypto/ts | |
parent | f728254a840bf7fdd2252fe09e11a0e99c7df1d4 (diff) | |
download | openssl-a8d8e06b0ac06c421fd11cc1772126dcb98f79ae.tar.gz |
Avoid direct X509 structure access
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/ts')
-rw-r--r-- | crypto/ts/ts_rsp_sign.c | 6 | ||||
-rw-r--r-- | crypto/ts/ts_rsp_verify.c | 14 |
2 files changed, 10 insertions, 10 deletions
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 3343dce275..f7fb762d5b 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -657,7 +657,7 @@ static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, goto end; tsa_name->type = GEN_DIRNAME; tsa_name->d.dirn = - X509_NAME_dup(ctx->signer_cert->cert_info->subject); + X509_NAME_dup(X509_get_subject_name(ctx->signer_cert)); if (!tsa_name->d.dirn) goto end; if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) @@ -869,7 +869,7 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) if ((name = GENERAL_NAME_new()) == NULL) goto err; name->type = GEN_DIRNAME; - if ((name->d.dirn = X509_NAME_dup(cert->cert_info->issuer)) == NULL) + if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL) goto err; if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) goto err; @@ -877,7 +877,7 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) /* Setting the serial number. */ ASN1_INTEGER_free(cid->issuer_serial->serial); if (!(cid->issuer_serial->serial = - ASN1_INTEGER_dup(cert->cert_info->serialNumber))) + ASN1_INTEGER_dup(X509_get_serialNumber(cert)))) goto err; } diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index c01d6a6565..93a775efec 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -72,7 +72,7 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si); static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); -static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); +static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert); static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, TS_TST_INFO *tst_info); static int ts_check_status_info(TS_RESP *response); @@ -328,7 +328,7 @@ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) sizeof(cert->sha1_hash))) { /* Check the issuer/serial as well if specified. */ ESS_ISSUER_SERIAL *is = cid->issuer_serial; - if (!is || !ts_issuer_serial_cmp(is, cert->cert_info)) + if (!is || !ts_issuer_serial_cmp(is, cert)) return i; } } @@ -336,21 +336,21 @@ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) return -1; } -static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) +static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert) { GENERAL_NAME *issuer; - if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) + if (!is || !cert || sk_GENERAL_NAME_num(is->issuer) != 1) return -1; /* Check the issuer first. It must be a directory name. */ issuer = sk_GENERAL_NAME_value(is->issuer, 0); if (issuer->type != GEN_DIRNAME - || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer)) + || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert))) return -1; /* Check the serial number, too. */ - if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber)) + if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert))) return -1; return 0; @@ -687,7 +687,7 @@ static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) /* Check the subject name first. */ if (tsa_name->type == GEN_DIRNAME - && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) + && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0) return 1; /* Check all the alternative names. */ |