X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509%2Fx509_cmp.c;h=6f8199b6b4e7b03aabe364ca87b6de1cfc6c884d;hp=eb46a677a490d377b1f6ab16c877d95c962aff0d;hb=5cf6abd805b9f15127f9f343a6e3b662565f93d5;hpb=f422a51486a3ab415153eccdc3c3746c53da01f4 diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index eb46a677a4..6f8199b6b4 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -58,19 +58,20 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include #include +#include "internal/x509_int.h" int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { int i; - X509_CINF *ai, *bi; + const X509_CINF *ai, *bi; - ai = a->cert_info; - bi = b->cert_info; + ai = &a->cert_info; + bi = &b->cert_info; i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); if (i) return (i); @@ -86,15 +87,15 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) char *f; EVP_MD_CTX_init(&ctx); - f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); + f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) goto err; if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) goto err; OPENSSL_free(f); if (!EVP_DigestUpdate - (&ctx, (unsigned char *)a->cert_info->serialNumber->data, - (unsigned long)a->cert_info->serialNumber->length)) + (&ctx, (unsigned char *)a->cert_info.serialNumber->data, + (unsigned long)a->cert_info.serialNumber->length)) goto err; if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) goto err; @@ -109,17 +110,17 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) int X509_issuer_name_cmp(const X509 *a, const X509 *b) { - return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer)); + return (X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer)); } int X509_subject_name_cmp(const X509 *a, const X509 *b) { - return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject)); + return (X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject)); } int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) { - return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); + return (X509_NAME_cmp(a->crl.issuer, b->crl.issuer)); } int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) @@ -129,40 +130,40 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) X509_NAME *X509_get_issuer_name(X509 *a) { - return (a->cert_info->issuer); + return (a->cert_info.issuer); } unsigned long X509_issuer_name_hash(X509 *x) { - return (X509_NAME_hash(x->cert_info->issuer)); + return (X509_NAME_hash(x->cert_info.issuer)); } #ifndef OPENSSL_NO_MD5 unsigned long X509_issuer_name_hash_old(X509 *x) { - return (X509_NAME_hash_old(x->cert_info->issuer)); + return (X509_NAME_hash_old(x->cert_info.issuer)); } #endif X509_NAME *X509_get_subject_name(X509 *a) { - return (a->cert_info->subject); + return (a->cert_info.subject); } ASN1_INTEGER *X509_get_serialNumber(X509 *a) { - return (a->cert_info->serialNumber); + return (a->cert_info.serialNumber); } unsigned long X509_subject_name_hash(X509 *x) { - return (X509_NAME_hash(x->cert_info->subject)); + return (X509_NAME_hash(x->cert_info.subject)); } #ifndef OPENSSL_NO_MD5 unsigned long X509_subject_name_hash_old(X509 *x) { - return (X509_NAME_hash_old(x->cert_info->subject)); + return (X509_NAME_hash_old(x->cert_info.subject)); } #endif @@ -185,12 +186,12 @@ int X509_cmp(const X509 *a, const X509 *b) if (rv) return rv; /* Check for match against stored encoding too */ - if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) { - rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len); + if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) { + rv = (int)(a->cert_info.enc.len - b->cert_info.enc.len); if (rv) return rv; - return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, - a->cert_info->enc.len); + return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc, + a->cert_info.enc.len); } return rv; } @@ -272,15 +273,13 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, ASN1_INTEGER *serial) { int i; - X509_CINF cinf; X509 x, *x509 = NULL; if (!sk) return NULL; - x.cert_info = &cinf; - cinf.serialNumber = serial; - cinf.issuer = name; + x.cert_info.serialNumber = serial; + x.cert_info.issuer = name; for (i = 0; i < sk_X509_num(sk); i++) { x509 = sk_X509_value(sk, i); @@ -305,16 +304,16 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) EVP_PKEY *X509_get_pubkey(X509 *x) { - if ((x == NULL) || (x->cert_info == NULL)) + if (x == NULL) return (NULL); - return (X509_PUBKEY_get(x->cert_info->key)); + return (X509_PUBKEY_get(x->cert_info.key)); } ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) { if (!x) return NULL; - return x->cert_info->key->public_key; + return x->cert_info.key->public_key; } int X509_check_private_key(X509 *x, EVP_PKEY *k) @@ -341,8 +340,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) case -2: X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); } - if (xk) - EVP_PKEY_free(xk); + EVP_PKEY_free(xk); if (ret > 0) return 1; return 0; @@ -435,8 +433,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, /* Final check: root CA signature */ rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); end: - if (pk) - EVP_PKEY_free(pk); + EVP_PKEY_free(pk); if (rv != X509_V_OK) { /* Invalid signature or LOS errors are for previous cert */ if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM @@ -459,7 +456,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) int sign_nid; if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) return X509_V_OK; - sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); + sign_nid = OBJ_obj2nid(crl->crl.sig_alg->algorithm); return check_suite_b(pk, sign_nid, &flags); } @@ -488,7 +485,7 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) ret = sk_X509_dup(chain); for (i = 0; i < sk_X509_num(ret); i++) { X509 *x = sk_X509_value(ret, i); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); } return ret; }