make X509_REQ opaque

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/apps/ca.c b/apps/ca.c
index 0a8d7b7417d115f7dfd98d3f25769b271c4dff4a..b93cff561981269eb17f828be733a7871e51ba40 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1479,7 +1479,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
             goto end;
         }
         X509_REQ_set_subject_name(req, n);
-        req->req_info->enc.modified = 1;
         X509_NAME_free(n);
     }
 
@@ -1993,7 +1992,6 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
     X509_REQ *req = NULL;
     CONF_VALUE *cv = NULL;
     NETSCAPE_SPKI *spki = NULL;
-    X509_REQ_INFO *ri;
     char *type, *buf;
     EVP_PKEY *pktmp = NULL;
     X509_NAME *n = NULL;
@@ -2037,8 +2035,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
     /*
      * Build up the subject name set.
      */
-    ri = req->req_info;
-    n = ri->subject;
+    n = X509_REQ_get_subject_name(req);
 
     for (i = 0;; i++) {
         if (sk_CONF_VALUE_num(sk) <= i)

diff --git a/apps/req.c b/apps/req.c
index 9b017aa7bb0088146cab3d6a48f3be260cf3d7ac..59cc6b466407b040fef140e20231c82fb8f0293a 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -726,8 +726,6 @@ int req_main(int argc, char **argv)
             goto end;
         }
 
-        req->req_info->enc.modified = 1;
-
         if (verbose) {
             print_name(bio_err, "new subject=",
                        X509_REQ_get_subject_name(req), nmflag);

diff --git a/apps/x509.c b/apps/x509.c
index 2fd92f4dcf557f049571719909b4d5f271c4cef8..6b41a7501ae68d3d2335c2046b3c4a1e2a9f6918 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -567,15 +567,6 @@ int x509_main(int argc, char **argv)
             goto end;
         }
 
-        if ((req->req_info == NULL) ||
-            (req->req_info->pubkey == NULL) ||
-            (req->req_info->pubkey->public_key == NULL) ||
-            (req->req_info->pubkey->public_key->data == NULL)) {
-            BIO_printf(bio_err,
-                       "The certificate request appears to corrupted\n");
-            BIO_printf(bio_err, "It does not contain a public key\n");
-            goto end;
-        }
         if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
             BIO_printf(bio_err, "error unpacking public key\n");
             goto end;
@@ -611,9 +602,9 @@ int x509_main(int argc, char **argv)
         } else if (!X509_set_serialNumber(x, sno))
             goto end;
 
-        if (!X509_set_issuer_name(x, req->req_info->subject))
+        if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
             goto end;
-        if (!X509_set_subject_name(x, req->req_info->subject))
+        if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
             goto end;
 
         X509_gmtime_adj(X509_get_notBefore(x), 0);

diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index fd830233356c0b292fe83507c2f747bd19ba9df7..7d72e0a26fb936dd38edbaddc6fc89514dc61d39 100644 (file)
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -62,6 +62,7 @@
 #include <openssl/bn.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_NO_RSA
 # include <openssl/rsa.h>

diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c
index 1679a56070fa524edca443658a5dd51d2e5729c3..102b1f633210f0c717ea54d3379119e6b75a9c7f 100644 (file)
--- a/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
@@ -60,6 +60,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 /*-
  * X509_REQ_INFO is handled in an unusual way to get round

diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 644b27d4053159850904f6b44d32a19ccf5269e4..70abb2cd45f7d83733aea467e779e897d5be7c92 100644 (file)
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -89,3 +89,19 @@ struct x509_cert_aux_st {
     ASN1_OCTET_STRING *keyid;   /* key id of private key */
     STACK_OF(X509_ALGOR) *other; /* other unspecified info */
 };
+
+struct X509_req_info_st {
+    ASN1_ENCODING enc;
+    ASN1_INTEGER *version;
+    X509_NAME *subject;
+    X509_PUBKEY *pubkey;
+    /*  d=2 hl=2 l=  0 cons: cont: 00 */
+    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+};
+
+struct X509_req_st {
+    X509_REQ_INFO *req_info;
+    X509_ALGOR *sig_alg;
+    ASN1_BIT_STRING *signature;
+    int references;
+};

diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index d9c3cfd42b54c10345814ac8c1711e2fbfaf47de..abf75cdb7a24161535e0d68f77604a15facdd623 100644 (file)
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -62,6 +62,7 @@
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 

diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index b6c46980a03b5df387b66c8ceb1b7281f9614f6a..70e27b8306d9f35bed3ca99037db097218be9742 100644 (file)
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/pem.h>
@@ -303,3 +304,13 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
         return 1;
     return 0;
 }
+
+long X509_REQ_get_version(X509_REQ *req)
+{
+    return ASN1_INTEGER_get(req->req_info->version);
+}
+
+X509_NAME *X509_REQ_get_subject_name(X509_REQ *req)
+{
+    return req->req_info->subject;
+}

diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
index cafaf756016c93485330202854995bc93433d832..cf9bdfb3e08afff44f65bfe4d194d3c48b07e096 100644 (file)
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -62,11 +62,13 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 int X509_REQ_set_version(X509_REQ *x, long version)
 {
     if (x == NULL)
         return (0);
+    x->req_info->enc.modified = 1;
     return (ASN1_INTEGER_set(x->req_info->version, version));
 }
 
@@ -74,6 +76,7 @@ int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
 {
     if ((x == NULL) || (x->req_info == NULL))
         return (0);
+    x->req_info->enc.modified = 1;
     return (X509_NAME_set(&x->req_info->subject, name));
 }
 
@@ -81,5 +84,6 @@ int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
 {
     if ((x == NULL) || (x->req_info == NULL))
         return (0);
+    x->req_info->enc.modified = 1;
     return (X509_PUBKEY_set(&x->req_info->pubkey, pkey));
 }

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index a7ad148793b94543d8984f900ff983b45b132ea2..591a95188d1b8859decad8971470c7eef320ac77 100644 (file)
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include <openssl/ocsp.h>
 #ifndef OPENSSL_NO_RSA
 # include <openssl/rsa.h>

diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index c0c71c0882f0c4ecf1626db8a91cccc16ed618af..a1167cc2f8021cf380e7e0f57112f8bae168c4e6 100644 (file)
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -60,6 +60,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx, char *str);

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index cd8aff291fb59d8f25b83fcf3fa21ed53c85e0f6..15029f9ba53cf4774e4ea8ebdd04cadf6ddb338c 100644 (file)
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -63,6 +63,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 #include <openssl/bn.h>
 
 static char *strip_spaces(char *name);

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index ab8abcaf78423e498cd8dc56c5c631b6abd0b25e..dc96a2bf99a9325c89853fb232db16345484e581 100644 (file)
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -166,21 +166,9 @@ typedef struct x509_attributes_st X509_ATTRIBUTE;
 
 DECLARE_STACK_OF(X509_ATTRIBUTE)
 
-typedef struct X509_req_info_st {
-    ASN1_ENCODING enc;
-    ASN1_INTEGER *version;
-    X509_NAME *subject;
-    X509_PUBKEY *pubkey;
-    /*  d=2 hl=2 l=  0 cons: cont: 00 */
-    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-} X509_REQ_INFO;
+typedef struct X509_req_info_st X509_REQ_INFO;
 
-typedef struct X509_req_st {
-    X509_REQ_INFO *req_info;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int references;
-} X509_REQ;
+typedef struct X509_req_st X509_REQ;
 
 typedef struct x509_cinf_st {
     ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
@@ -508,8 +496,6 @@ extern "C" {
 # define         X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
 # define         X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
 # define         X509_extract_key(x)     X509_get_pubkey(x)/*****/
-# define         X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-# define         X509_REQ_get_subject_name(x) ((x)->req_info->subject)
 # define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
 # define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
 # define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
@@ -816,7 +802,9 @@ EVP_PKEY *X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
 int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
 
+long X509_REQ_get_version(X509_REQ *req);
 int X509_REQ_set_version(X509_REQ *x, long version);
+X509_NAME *X509_REQ_get_subject_name(X509_REQ *req);
 int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);