From: Dr. Stephen Henson
Date: Sun, 11 Oct 2015 20:05:49 +0000 (+0100)
Subject: embed certificate serial number and signature fields
X-Git-Tag: OpenSSL_1_1_0-pre1~418
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=81e4943843773a04067703e0dc1668ec5d3b4cf1;p=oweals%2Fopenssl.git
embed certificate serial number and signature fields
Reviewed-by: Rich Salz
---
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 8fd0bcff71..87bd68d993 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -176,7 +176,7 @@ struct x509_cert_aux_st {
 struct x509_cinf_st {
 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
- ASN1_INTEGER *serialNumber;
+ ASN1_INTEGER serialNumber;
 X509_ALGOR signature;
 X509_NAME *issuer;
 X509_VAL validity;
@@ -191,7 +191,7 @@ struct x509_cinf_st {
 struct x509_st {
 X509_CINF cert_info;
 X509_ALGOR sig_alg;
- ASN1_BIT_STRING *signature;
+ ASN1_BIT_STRING signature;
 int valid;
 int references;
 char *name;
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 4cab108bf2..5a73db1b8b 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -238,7 +238,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
 ci->extensions, cflag, 8);
 if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
- if (X509_signature_print(bp, &x->sig_alg, x->signature) <= 0)
+ if (X509_signature_print(bp, &x->sig_alg, &x->signature) <= 0)
 goto err;
 }
 if (!(cflag & X509_FLAG_NO_AUX)) {
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 1e469f92db..4017545b64 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -72,7 +72,7 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 ai = &a->cert_info;
 bi = &b->cert_info;
- i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
+ i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
 if (i)
 return (i);
 return (X509_NAME_cmp(ai->issuer, bi->issuer));
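Review bot: The two struct hunks in x509_int.h turn `serialNumber` and `signature` from pointers into inline members without any comment, and nothing in the header ties them to the `ASN1_EMBED` template entries that x_x509.c switches to in this same commit. If a later edit changes only one side, the ASN.1 template code would treat inline storage as a pointer or the reverse, so I would add a short comment on each field, for example `/* embedded: template entry in x_x509.c must be ASN1_EMBED */`. Both struct definitions continue outside the hunks.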
@@ -94,8 +94,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
 goto err;
 OPENSSL_free(f);
 if (!EVP_DigestUpdate
- (&ctx, (unsigned char *)a->cert_info.serialNumber->data,
- (unsigned long)a->cert_info.serialNumber->length))
+ (&ctx, (unsigned char *)a->cert_info.serialNumber.data,
+ (unsigned long)a->cert_info.serialNumber.length))
 goto err;
 if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
 goto err;
@@ -152,7 +152,7 @@ X509_NAME *X509_get_subject_name(X509 *a)
 ASN1_INTEGER *X509_get_serialNumber(X509 *a)
 {
- return (a->cert_info.serialNumber);
+ return &a->cert_info.serialNumber;
 }
 unsigned long X509_subject_name_hash(X509 *x)
@@ -278,7 +278,7 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
 if (!sk)
 return NULL;
- x.cert_info.serialNumber = serial;
+ x.cert_info.serialNumber = *serial;
 x.cert_info.issuer = name;
 for (i = 0; i < sk_X509_num(sk); i++) {
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 7873edf33d..38ec0dbc54 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -85,16 +85,11 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
 ASN1_INTEGER *in;
 if (x == NULL)
- return (0);
- in = x->cert_info.serialNumber;
- if (in != serial) {
- in = ASN1_INTEGER_dup(serial);
- if (in != NULL) {
- ASN1_INTEGER_free(x->cert_info.serialNumber);
- x->cert_info.serialNumber = in;
- }
- }
- return (in != NULL);
+ return 0;
+ in = &x->cert_info.serialNumber;
+ if (in != serial)
+ return ASN1_STRING_copy(in, serial);
+ return 1;
 }
 int X509_set_issuer_name(X509 *x, X509_NAME *name)
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 1db66f6f61..1f844504c7 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
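Review bot: `X509_get_serialNumber` now returns the address of a member stored inside the certificate, and the function carries no comment telling callers so. The result is valid only while `a` is alive and must never be handed to `ASN1_INTEGER_free`; a comment above the function such as `/* returns a pointer into a: do not free, do not use after a is freed */` would make that explicit. The same applies to `X509_get0_signature` in x_x509.c, where `*psig = &x->signature;` hands out a writable pointer to embedded storage.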
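Review bot: `x.cert_info.serialNumber = *serial;` dereferences `serial` before the loop, while the only guard visible in the hunk is `if (!sk) return NULL;`. The old pointer assignment did not touch a NULL `serial` on this line, so a call with an empty stack presumably returned without faulting; now it crashes here regardless of the stack contents. Extending the guard to `if (!sk || !serial) return NULL;` keeps the earlier behaviour. The assignment is also a shallow copy, so the temporary `x` shares the data buffer of `serial` and must never be freed or modified, which deserves a one-line comment. The function body starts and ends outside the hunk.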
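Review bot: The rewritten `X509_set_serialNumber` copies into the embedded field in place, so the all-or-nothing behaviour of the removed code (duplicate first, swap only when the duplicate succeeded) is gone. If `ASN1_STRING_copy` fails part-way, the certificate may be left with a serial that is neither the old nor the new value, depending on how that helper orders its writes, which is not visible here. It is also worth confirming that `ASN1_STRING_copy` does not overwrite the destination's flags with those of `serial`, because the destination is embedded storage and the source normally is not. At minimum I would add `/* in-place copy: on failure the previous serial may be partly overwritten */` above the `ASN1_STRING_copy` call. The function's opening lines are outside the hunk.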
@@ -77,7 +77,7 @@ int X509_verify(X509 *a, EVP_PKEY *r)
 if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
 return 0;
 return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
- a->signature, &a->cert_info, r));
+ &a->signature, &a->cert_info, r));
 }
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
@@ -96,7 +96,8 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
 x->cert_info.enc.modified = 1;
 return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
- &x->sig_alg, x->signature, &x->cert_info, pkey, md));
+ &x->sig_alg, &x->signature, &x->cert_info, pkey,
+ md));
 }
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
@@ -104,7 +105,7 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
 x->cert_info.enc.modified = 1;
 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
 &x->cert_info.signature,
- &x->sig_alg, x->signature, &x->cert_info, ctx);
+ &x->sig_alg, &x->signature, &x->cert_info, ctx);
 }
 int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 92d4fa34e6..ad2309cccf 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -66,7 +66,7 @@
 ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
 ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+ ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),
 ASN1_EMBED(X509_CINF, signature, X509_ALGOR),
 ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
 ASN1_EMBED(X509_CINF, validity, X509_VAL),
@@ -135,7 +135,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 ASN1_EMBED(X509, cert_info, X509_CINF),
 ASN1_EMBED(X509, sig_alg, X509_ALGOR),
- ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+ ASN1_EMBED(X509, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509, X509)
 IMPLEMENT_ASN1_FUNCTIONS(X509)
@@ -215,7 +215,7 @@ int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
 void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x)
 {
 if (psig)
- *psig = x->signature;
+ *psig = &x->signature;
 if (palg)
 *palg = &x->sig_alg;
 }