diff options
| author | inoguchi <> | 2021-09-05 01:33:18 +0000 |
|---|---|---|
| committer | inoguchi <> | 2021-09-05 01:33:18 +0000 |
| commit | 1ec075c8ba6ef23f3962d80da8fefe602ea81d92 (patch) | |
| tree | ed5ad73bf49d3ed61752d43282353c6ff961c86a | |
| parent | cae6ba899a9344e719ed96e6afdb8958b891efb0 (diff) | |
| download | openbsd-1ec075c8ba6ef23f3962d80da8fefe602ea81d92.tar.gz openbsd-1ec075c8ba6ef23f3962d80da8fefe602ea81d92.tar.bz2 openbsd-1ec075c8ba6ef23f3962d80da8fefe602ea81d92.zip | |
Use accessor method rather than direct X509 structure access
Referred to OpenSSL commit a8d8e06b and arranged for our codebase.
comment and ok from tb@
| -rw-r--r-- | src/usr.bin/openssl/ca.c | 30 |
1 files changed, 10 insertions, 20 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c index f9faf5395b..c6230dce5c 100644 --- a/src/usr.bin/openssl/ca.c +++ b/src/usr.bin/openssl/ca.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ca.c,v 1.45 2021/09/02 11:37:44 inoguchi Exp $ */ | 1 | /* $OpenBSD: ca.c,v 1.46 2021/09/05 01:33:18 inoguchi Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1318,6 +1318,7 @@ ca_main(int argc, char **argv) | |||
| 1318 | if (ca_config.verbose) | 1318 | if (ca_config.verbose) |
| 1319 | BIO_printf(bio_err, "writing new certificates\n"); | 1319 | BIO_printf(bio_err, "writing new certificates\n"); |
| 1320 | for (i = 0; i < sk_X509_num(cert_sk); i++) { | 1320 | for (i = 0; i < sk_X509_num(cert_sk); i++) { |
| 1321 | ASN1_INTEGER *serialNumber; | ||
| 1321 | int k; | 1322 | int k; |
| 1322 | char *serialstr; | 1323 | char *serialstr; |
| 1323 | unsigned char *data; | 1324 | unsigned char *data; |
| @@ -1325,8 +1326,10 @@ ca_main(int argc, char **argv) | |||
| 1325 | 1326 | ||
| 1326 | x = sk_X509_value(cert_sk, i); | 1327 | x = sk_X509_value(cert_sk, i); |
| 1327 | 1328 | ||
| 1328 | j = x->cert_info->serialNumber->length; | 1329 | serialNumber = X509_get_serialNumber(x); |
| 1329 | data = (unsigned char *)x->cert_info->serialNumber->data; | 1330 | j = ASN1_STRING_length(serialNumber); |
| 1331 | data = ASN1_STRING_data(serialNumber); | ||
| 1332 | |||
| 1330 | if (j > 0) | 1333 | if (j > 0) |
| 1331 | serialstr = bin2hex(data, j); | 1334 | serialstr = bin2hex(data, j); |
| 1332 | else | 1335 | else |
| @@ -1734,7 +1737,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1734 | ASN1_STRING *str, *str2; | 1737 | ASN1_STRING *str, *str2; |
| 1735 | ASN1_OBJECT *obj; | 1738 | ASN1_OBJECT *obj; |
| 1736 | X509 *ret = NULL; | 1739 | X509 *ret = NULL; |
| 1737 | X509_CINF *ci; | ||
| 1738 | X509_NAME_ENTRY *ne; | 1740 | X509_NAME_ENTRY *ne; |
| 1739 | X509_NAME_ENTRY *tne, *push; | 1741 | X509_NAME_ENTRY *tne, *push; |
| 1740 | EVP_PKEY *pktmp; | 1742 | EVP_PKEY *pktmp; |
| @@ -1838,7 +1840,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1838 | if (selfsign) | 1840 | if (selfsign) |
| 1839 | CAname = X509_NAME_dup(name); | 1841 | CAname = X509_NAME_dup(name); |
| 1840 | else | 1842 | else |
| 1841 | CAname = X509_NAME_dup(x509->cert_info->subject); | 1843 | CAname = X509_NAME_dup(X509_get_subject_name(x509)); |
| 1842 | if (CAname == NULL) | 1844 | if (CAname == NULL) |
| 1843 | goto err; | 1845 | goto err; |
| 1844 | str = str2 = NULL; | 1846 | str = str2 = NULL; |
| @@ -1962,16 +1964,15 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1962 | 1964 | ||
| 1963 | if ((ret = X509_new()) == NULL) | 1965 | if ((ret = X509_new()) == NULL) |
| 1964 | goto err; | 1966 | goto err; |
| 1965 | ci = ret->cert_info; | ||
| 1966 | 1967 | ||
| 1967 | #ifdef X509_V3 | 1968 | #ifdef X509_V3 |
| 1968 | /* Make it an X509 v3 certificate. */ | 1969 | /* Make it an X509 v3 certificate. */ |
| 1969 | if (!X509_set_version(ret, 2)) | 1970 | if (!X509_set_version(ret, 2)) |
| 1970 | goto err; | 1971 | goto err; |
| 1971 | #endif | 1972 | #endif |
| 1972 | if (ci->serialNumber == NULL) | 1973 | if (X509_get_serialNumber(ret) == NULL) |
| 1973 | goto err; | 1974 | goto err; |
| 1974 | if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL) | 1975 | if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL) |
| 1975 | goto err; | 1976 | goto err; |
| 1976 | if (selfsign) { | 1977 | if (selfsign) { |
| 1977 | if (!X509_set_issuer_name(ret, subject)) | 1978 | if (!X509_set_issuer_name(ret, subject)) |
| @@ -2013,21 +2014,10 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 2013 | /* Lets add the extensions, if there are any */ | 2014 | /* Lets add the extensions, if there are any */ |
| 2014 | if (ext_sect != NULL) { | 2015 | if (ext_sect != NULL) { |
| 2015 | X509V3_CTX ctx; | 2016 | X509V3_CTX ctx; |
| 2016 | if (ci->version == NULL) | ||
| 2017 | if ((ci->version = ASN1_INTEGER_new()) == NULL) | ||
| 2018 | goto err; | ||
| 2019 | 2017 | ||
| 2020 | /* version 3 certificate */ | 2018 | if (!X509_set_version(ret, 2)) |
| 2021 | if (!ASN1_INTEGER_set(ci->version, 2)) | ||
| 2022 | goto err; | 2019 | goto err; |
| 2023 | 2020 | ||
| 2024 | /* | ||
| 2025 | * Free the current entries if any, there should not be any I | ||
| 2026 | * believe | ||
| 2027 | */ | ||
| 2028 | sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free); | ||
| 2029 | ci->extensions = NULL; | ||
| 2030 | |||
| 2031 | /* Initialize the context structure */ | 2021 | /* Initialize the context structure */ |
| 2032 | if (selfsign) | 2022 | if (selfsign) |
| 2033 | X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); | 2023 | X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); |