summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2015-08-31 22:30:13 +0200
committerDr. Stephen Henson <steve@openssl.org>2015-09-02 22:26:17 +0200
commite3e571925c40f4d9e0adfc7704e5df2057a13a19 (patch)
tree77221e5e693880f49b88e1396206f8d4879c586d
parentExtend ciphersuite test coverage. (diff)
downloadopenssl-e3e571925c40f4d9e0adfc7704e5df2057a13a19.tar.xz
openssl-e3e571925c40f4d9e0adfc7704e5df2057a13a19.zip
make X509_CRL opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
-rw-r--r--apps/crl.c9
-rw-r--r--crypto/asn1/t_crl.c1
-rw-r--r--crypto/asn1/x_crl.c1
-rw-r--r--crypto/include/internal/x509_int.h33
-rw-r--r--crypto/x509/by_dir.c1
-rw-r--r--crypto/x509/x509_ext.c1
-rw-r--r--crypto/x509/x509_lu.c1
-rw-r--r--crypto/x509/x509_vfy.c1
-rw-r--r--crypto/x509/x509cset.c35
-rw-r--r--crypto/x509v3/v3_conf.c1
-rw-r--r--include/openssl/x509.h47
11 files changed, 91 insertions, 40 deletions
diff --git a/apps/crl.c b/apps/crl.c
index b4c9c75384..c0bf8749d2 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -358,8 +358,13 @@ int crl_main(int argc, char **argv)
goto end;
}
- if (badsig)
- x->signature->data[x->signature->length - 1] ^= 0x1;
+ if (badsig) {
+ ASN1_BIT_STRING *sig;
+ unsigned char *psig;
+ X509_CRL_get0_signature(&sig, NULL, x);
+ psig = ASN1_STRING_data(sig);
+ psig[ASN1_STRING_length(sig) - 1] ^= 0x1;
+ }
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
index 96c5226a5c..06c61eae4e 100644
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -63,6 +63,7 @@
#include <openssl/bn.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_STDIO
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index d264ec7091..73f78c4175 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -61,6 +61,7 @@
#include <openssl/asn1t.h>
#include "asn1_locl.h"
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/x509v3.h>
static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 70abb2cd45..846a320902 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -105,3 +105,36 @@ struct X509_req_st {
ASN1_BIT_STRING *signature;
int references;
};
+
+struct X509_crl_info_st {
+ ASN1_INTEGER *version;
+ X509_ALGOR *sig_alg;
+ X509_NAME *issuer;
+ ASN1_TIME *lastUpdate;
+ ASN1_TIME *nextUpdate;
+ STACK_OF(X509_REVOKED) *revoked;
+ STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
+ ASN1_ENCODING enc;
+};
+
+struct X509_crl_st {
+ /* actual signature */
+ X509_CRL_INFO *crl;
+ X509_ALGOR *sig_alg;
+ ASN1_BIT_STRING *signature;
+ int references;
+ int flags;
+ /* Copies of various extensions */
+ AUTHORITY_KEYID *akid;
+ ISSUING_DIST_POINT *idp;
+ /* Convenient breakdown of IDP */
+ int idp_flags;
+ int idp_reasons;
+ /* CRL and base CRL numbers for delta processing */
+ ASN1_INTEGER *crl_number;
+ ASN1_INTEGER *base_crl_number;
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+ STACK_OF(GENERAL_NAMES) *issuers;
+ const X509_CRL_METHOD *meth;
+ void *meth_data;
+};
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index cc91db84bc..bd6c3c8d6d 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -71,6 +71,7 @@
#include <openssl/lhash.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
typedef struct lookup_dir_hashes_st {
unsigned long hash;
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
index 6bba5bbe7f..dc4670b89d 100644
--- a/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
@@ -63,6 +63,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/x509v3.h>
int X509_CRL_get_ext_count(X509_CRL *x)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 3dae7fa41a..2bd8de63c9 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -60,6 +60,7 @@
#include "internal/cryptlib.h"
#include <openssl/lhash.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/x509v3.h>
#include "x509_lcl.h"
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 45d53a0f48..1376e4486b 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -69,6 +69,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
+#include "internal/x509_int.h"
#include "x509_lcl.h"
/* CRL score values */
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index c6873240af..ca3f6968af 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -63,6 +63,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
int X509_CRL_set_version(X509_CRL *x, long version)
{
@@ -137,6 +138,40 @@ void X509_CRL_up_ref(X509_CRL *crl)
CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
}
+long X509_CRL_get_version(X509_CRL *crl)
+{
+ return ASN1_INTEGER_get(crl->crl->version);
+}
+
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+ return crl->crl->lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+ return crl->crl->nextUpdate;
+}
+
+X509_NAME *X509_CRL_get_issuer(X509_CRL *crl)
+{
+ return crl->crl->issuer;
+}
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+ return crl->crl->revoked;
+}
+
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ const X509_CRL *crl)
+{
+ if (psig)
+ *psig = crl->signature;
+ if (palg)
+ *palg = crl->sig_alg;
+}
+
int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
{
ASN1_TIME *in;
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 38f198ee8a..f1f8bb42d0 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -63,6 +63,7 @@
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/x509v3.h>
static int v3_check_critical(char **value);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index d1ecb29162..708a695876 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -340,38 +340,7 @@ struct x509_revoked_st {
DECLARE_STACK_OF(X509_REVOKED)
-typedef struct X509_crl_info_st {
- ASN1_INTEGER *version;
- X509_ALGOR *sig_alg;
- X509_NAME *issuer;
- ASN1_TIME *lastUpdate;
- ASN1_TIME *nextUpdate;
- STACK_OF(X509_REVOKED) *revoked;
- STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
- ASN1_ENCODING enc;
-} X509_CRL_INFO;
-
-struct X509_crl_st {
- /* actual signature */
- X509_CRL_INFO *crl;
- X509_ALGOR *sig_alg;
- ASN1_BIT_STRING *signature;
- int references;
- int flags;
- /* Copies of various extensions */
- AUTHORITY_KEYID *akid;
- ISSUING_DIST_POINT *idp;
- /* Convenient breakdown of IDP */
- int idp_flags;
- int idp_reasons;
- /* CRL and base CRL numbers for delta processing */
- ASN1_INTEGER *crl_number;
- ASN1_INTEGER *base_crl_number;
- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
- STACK_OF(GENERAL_NAMES) *issuers;
- const X509_CRL_METHOD *meth;
- void *meth_data;
-} /* X509_CRL */ ;
+typedef struct X509_crl_info_st X509_CRL_INFO;
DECLARE_STACK_OF(X509_CRL)
@@ -494,12 +463,6 @@ extern "C" {
# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-# define X509_CRL_get_issuer(x) ((x)->crl->issuer)
-# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
int (*crl_free) (X509_CRL *crl),
@@ -834,6 +797,14 @@ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
void X509_CRL_up_ref(X509_CRL *crl);
+long X509_CRL_get_version(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
+X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ const X509_CRL *crl);
+
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);