make X509_CRL opaque

author Dr. Stephen Henson <steve@openssl.org>

Mon, 31 Aug 2015 20:30:13 +0000 (21:30 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 2 Sep 2015 20:26:17 +0000 (21:26 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Mon, 31 Aug 2015 20:30:13 +0000 (21:30 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 2 Sep 2015 20:26:17 +0000 (21:26 +0100)
diff --git a/apps/crl.c b/apps/crl.c

index b4c9c7538449114093a68dab69a39d8c54dab358..c0bf8749d2655574ea007061a336d8f9eaa6dbab 100644 (file)
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -358,8 +358,13 @@ int crl_main(int argc, char **argv)
          goto end;
      }
  
          goto end;
      }
  
-    if (badsig)
-        x->signature->data[x->signature->length - 1] ^= 0x1;
+    if (badsig) {
+        ASN1_BIT_STRING *sig;
+        unsigned char *psig;
+        X509_CRL_get0_signature(&sig, NULL, x);
+        psig = ASN1_STRING_data(sig);
+        psig[ASN1_STRING_length(sig) - 1] ^= 0x1;
+    }
  
      if (outformat == FORMAT_ASN1)
          i = (int)i2d_X509_CRL_bio(out, x);
  
      if (outformat == FORMAT_ASN1)
          i = (int)i2d_X509_CRL_bio(out, x);
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c

index 96c5226a5c645f5f799be95fce3ab1f40a6248bb..06c61eae4ee055c8d58e5af1b82522a8a1ff72e4 100644 (file)
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -63,6 +63,7 @@
  #include <openssl/bn.h>
  #include <openssl/objects.h>
  #include <openssl/x509.h>
  #include <openssl/bn.h>
  #include <openssl/objects.h>
  #include <openssl/x509.h>
+#include "internal/x509_int.h"
  #include <openssl/x509v3.h>
  
  #ifndef OPENSSL_NO_STDIO
  #include <openssl/x509v3.h>
  
  #ifndef OPENSSL_NO_STDIO
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c

index d264ec7091291c01b8ca591a68955c17a2cfa33e..73f78c41755b30d435cf18019f9399a8f5698c23 100644 (file)
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -61,6 +61,7 @@
  #include <openssl/asn1t.h>
  #include "asn1_locl.h"
  #include <openssl/x509.h>
  #include <openssl/asn1t.h>
  #include "asn1_locl.h"
  #include <openssl/x509.h>
+#include "internal/x509_int.h"
  #include <openssl/x509v3.h>
  
  static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
  #include <openssl/x509v3.h>
  
  static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h

index 70abb2cd45f7d83733aea467e779e897d5be7c92..846a3209025757173a4f9154ad92da071d491b8f 100644 (file)
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -105,3 +105,36 @@ struct X509_req_st {
      ASN1_BIT_STRING *signature;
      int references;
  };
      ASN1_BIT_STRING *signature;
      int references;
  };
+
+struct X509_crl_info_st {
+    ASN1_INTEGER *version;
+    X509_ALGOR *sig_alg;
+    X509_NAME *issuer;
+    ASN1_TIME *lastUpdate;
+    ASN1_TIME *nextUpdate;
+    STACK_OF(X509_REVOKED) *revoked;
+    STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
+    ASN1_ENCODING enc;
+};
+
+struct X509_crl_st {
+    /* actual signature */
+    X509_CRL_INFO *crl;
+    X509_ALGOR *sig_alg;
+    ASN1_BIT_STRING *signature;
+    int references;
+    int flags;
+    /* Copies of various extensions */
+    AUTHORITY_KEYID *akid;
+    ISSUING_DIST_POINT *idp;
+    /* Convenient breakdown of IDP */
+    int idp_flags;
+    int idp_reasons;
+    /* CRL and base CRL numbers for delta processing */
+    ASN1_INTEGER *crl_number;
+    ASN1_INTEGER *base_crl_number;
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    STACK_OF(GENERAL_NAMES) *issuers;
+    const X509_CRL_METHOD *meth;
+    void *meth_data;
+};
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c

index cc91db84bc850d5bf814a9a01cae7304e80124a1..bd6c3c8d6d2ea94f3761f51da5282730b1a6663c 100644 (file)
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -71,6 +71,7 @@
  
  #include <openssl/lhash.h>
  #include <openssl/x509.h>
  
  #include <openssl/lhash.h>
  #include <openssl/x509.h>
+#include "internal/x509_int.h"
  
  typedef struct lookup_dir_hashes_st {
      unsigned long hash;
  
  typedef struct lookup_dir_hashes_st {
      unsigned long hash;
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c

index 6bba5bbe7f15644c05201d65901100c90ad5790d..dc4670b89d8381f4d8bce4dc61ba2c5825a83c36 100644 (file)
--- a/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
@@ -63,6 +63,7 @@
  #include <openssl/objects.h>
  #include <openssl/evp.h>
  #include <openssl/x509.h>
  #include <openssl/objects.h>
  #include <openssl/evp.h>
  #include <openssl/x509.h>
+#include "internal/x509_int.h"
  #include <openssl/x509v3.h>
  
  int X509_CRL_get_ext_count(X509_CRL *x)
  #include <openssl/x509v3.h>
  
  int X509_CRL_get_ext_count(X509_CRL *x)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c

index 3dae7fa41a5d26d99153dfcff3e8a8eda8f398b9..2bd8de63c98fd64f8a39307d90b260540065c986 100644 (file)
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -60,6 +60,7 @@
  #include "internal/cryptlib.h"
  #include <openssl/lhash.h>
  #include <openssl/x509.h>
  #include "internal/cryptlib.h"
  #include <openssl/lhash.h>
  #include <openssl/x509.h>
+#include "internal/x509_int.h"
  #include <openssl/x509v3.h>
  #include "x509_lcl.h"
  
  #include <openssl/x509v3.h>
  #include "x509_lcl.h"
  
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c

index 45d53a0f484137877e3edda47218be18ca435578..1376e4486bceead7ff935ea487876d9701e04473 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -69,6 +69,7 @@
  #include <openssl/x509.h>
  #include <openssl/x509v3.h>
  #include <openssl/objects.h>
  #include <openssl/x509.h>
  #include <openssl/x509v3.h>
  #include <openssl/objects.h>
+#include "internal/x509_int.h"
  #include "x509_lcl.h"
  
  /* CRL score values */
  #include "x509_lcl.h"
  
  /* CRL score values */
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c

index c6873240af5d0ccb509f5da1f4f4d342523f0503..ca3f6968afd923fc0985a1c58af02b17d2cb06c4 100644 (file)
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -63,6 +63,7 @@
  #include <openssl/objects.h>
  #include <openssl/evp.h>
  #include <openssl/x509.h>
  #include <openssl/objects.h>
  #include <openssl/evp.h>
  #include <openssl/x509.h>
+#include "internal/x509_int.h"
  
  int X509_CRL_set_version(X509_CRL *x, long version)
  {
  
  int X509_CRL_set_version(X509_CRL *x, long version)
  {
@@ -137,6 +138,40 @@ void X509_CRL_up_ref(X509_CRL *crl)
      CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
  }
  
      CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
  }
  
+long X509_CRL_get_version(X509_CRL *crl)
+{
+    return ASN1_INTEGER_get(crl->crl->version);
+}
+
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl->lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl->nextUpdate;
+}
+
+X509_NAME *X509_CRL_get_issuer(X509_CRL *crl)
+{
+    return crl->crl->issuer;
+}
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+    return crl->crl->revoked;
+}
+
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+                             const X509_CRL *crl)
+{
+    if (psig)
+        *psig = crl->signature;
+    if (palg)
+        *palg = crl->sig_alg;
+}
+
  int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
  {
      ASN1_TIME *in;
  int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
  {
      ASN1_TIME *in;
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c

index 38f198ee8a74e90cd0ea40146d96055a02ce4ebc..f1f8bb42d00bc52c15ef7778381931c43f6fca41 100644 (file)
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -63,6 +63,7 @@
  #include "internal/cryptlib.h"
  #include <openssl/conf.h>
  #include <openssl/x509.h>
  #include "internal/cryptlib.h"
  #include <openssl/conf.h>
  #include <openssl/x509.h>
+#include "internal/x509_int.h"
  #include <openssl/x509v3.h>
  
  static int v3_check_critical(char **value);
  #include <openssl/x509v3.h>
  
  static int v3_check_critical(char **value);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h

index d1ecb2916291df0f6ac0ccb70bf94faf23d4bc66..708a6958769e32557b288e0834d4700a0b4d89b2 100644 (file)
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -340,38 +340,7 @@ struct x509_revoked_st {
  
  DECLARE_STACK_OF(X509_REVOKED)
  
  
  DECLARE_STACK_OF(X509_REVOKED)
  
-typedef struct X509_crl_info_st {
-    ASN1_INTEGER *version;
-    X509_ALGOR *sig_alg;
-    X509_NAME *issuer;
-    ASN1_TIME *lastUpdate;
-    ASN1_TIME *nextUpdate;
-    STACK_OF(X509_REVOKED) *revoked;
-    STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-    ASN1_ENCODING enc;
-} X509_CRL_INFO;
-
-struct X509_crl_st {
-    /* actual signature */
-    X509_CRL_INFO *crl;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int references;
-    int flags;
-    /* Copies of various extensions */
-    AUTHORITY_KEYID *akid;
-    ISSUING_DIST_POINT *idp;
-    /* Convenient breakdown of IDP */
-    int idp_flags;
-    int idp_reasons;
-    /* CRL and base CRL numbers for delta processing */
-    ASN1_INTEGER *crl_number;
-    ASN1_INTEGER *base_crl_number;
-    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-    STACK_OF(GENERAL_NAMES) *issuers;
-    const X509_CRL_METHOD *meth;
-    void *meth_data;
-} /* X509_CRL */ ;
+typedef struct X509_crl_info_st X509_CRL_INFO;
  
  DECLARE_STACK_OF(X509_CRL)
  
  
  DECLARE_STACK_OF(X509_CRL)
  
@@ -494,12 +463,6 @@ extern "C" {
  # define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
  # define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
  
  # define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
  # define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
  
-# define         X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-# define         X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-# define         X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-# define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
-# define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
  void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
  X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
                                       int (*crl_free) (X509_CRL *crl),
  void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
  X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
                                       int (*crl_free) (X509_CRL *crl),
@@ -834,6 +797,14 @@ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
  int X509_CRL_sort(X509_CRL *crl);
  void X509_CRL_up_ref(X509_CRL *crl);
  
  int X509_CRL_sort(X509_CRL *crl);
  void X509_CRL_up_ref(X509_CRL *crl);
  
+long X509_CRL_get_version(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
+X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+                             const X509_CRL *crl);
+
  int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
  int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
  
  int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
  int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
author	Dr. Stephen Henson <steve@openssl.org>
	Mon, 31 Aug 2015 20:30:13 +0000 (21:30 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 2 Sep 2015 20:26:17 +0000 (21:26 +0100)
apps/crl.c		patch \| blob \| history
crypto/asn1/t_crl.c		patch \| blob \| history
crypto/asn1/x_crl.c		patch \| blob \| history
crypto/include/internal/x509_int.h		patch \| blob \| history
crypto/x509/by_dir.c		patch \| blob \| history
crypto/x509/x509_ext.c		patch \| blob \| history
crypto/x509/x509_lu.c		patch \| blob \| history
crypto/x509/x509_vfy.c		patch \| blob \| history
crypto/x509/x509cset.c		patch \| blob \| history
crypto/x509v3/v3_conf.c		patch \| blob \| history
include/openssl/x509.h		patch \| blob \| history