Use accessors for X509_print_ex().

Print certificate details using accessor functions. Since X509_CERT_AUX_print is only used in one place and can't be used by applications (it uses an internal X509_CERT_AUX structure) this has been removed and replaced by a function X509_aux_print which takes an X509 pointer instead. Reviewed-by: N Tim Hudson <tjh@openssl.org>

Use accessors for X509_print_ex().
Print certificate details using accessor functions. Since X509_CERT_AUX_print is only used in one place and can't be used by applications (it uses an internal X509_CERT_AUX structure) this has been removed and replaced by a function X509_aux_print which takes an X509 pointer instead. Reviewed-by: N Tim Hudson <tjh@openssl.org>
699f1635 · Dr. Stephen Henson · 748118a8 · 699f1635 · 699f1635 · 748118a8
Showing with 86 addition and 149 deletion

crypto/x509/Makefile crypto/x509/Makefile +2 -16

crypto/x509/t_x509.c crypto/x509/t_x509.c +83 -16

crypto/x509/t_x509a.c crypto/x509/t_x509a.c +0 -116

include/openssl/x509.h include/openssl/x509.h +1 -1

未找到文件。
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -22,7 +22,7 @@ LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
 	x509type.c x509_lu.c x_all.c x509_txt.c \
 	x509_trs.c by_file.c by_dir.c x509_vpm.c \
 	x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
-	x_x509a.c t_x509a.c x_attrib.c x_exten.c x_name.c
+	x_x509a.c x_attrib.c x_exten.c x_name.c
 LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
 	x509_obj.o x509_req.o x509spki.o x509_vfy.o \
 	x509_set.o x509cset.o x509rset.o x509_err.o \
@@ -30,7 +30,7 @@ LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
 	x509type.o x509_lu.o x_all.o x509_txt.o \
 	x509_trs.o by_file.o by_dir.o x509_vpm.o \
 	x_crl.o t_crl.o x_req.o t_req.o x_x509.o t_x509.o \
-	x_x509a.o t_x509a.o x_attrib.o x_exten.o x_name.o
+	x_x509a.o x_attrib.o x_exten.o x_name.o

 SRC= $(LIBSRC)

@@ -145,20 +145,6 @@ t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 t_x509.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h
 t_x509.o: ../include/internal/x509_int.h t_x509.c
-t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
-t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509a.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h
-t_x509a.o: t_x509a.c
 x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h

--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -64,7 +64,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include "internal/asn1_int.h"
-#include "internal/x509_int.h"

 #ifndef OPENSSL_NO_STDIO
 int X509_print_fp(FILE *fp, X509 *x)
@@ -101,7 +100,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
    int ret = 0, i;
    char *m = NULL, mlch = ' ';
    int nmindent = 0;
-    X509_CINF *ci;
    ASN1_INTEGER *bs;
    EVP_PKEY *pkey = NULL;
    const char *neg;
@@ -114,7 +112,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
    if (nmflags == X509_FLAG_COMPAT)
        nmindent = 16;

-    ci = &x->cert_info;
    if (!(cflag & X509_FLAG_NO_HEADER)) {
        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
            goto err;
@@ -162,7 +159,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
    }

    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
-        if (X509_signature_print(bp, &ci->signature, NULL) <= 0)
+        X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);
+        if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
            goto err;
    }

@@ -199,11 +197,14 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
            goto err;
    }
    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
+        ASN1_OBJECT *xpoid;
+        X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
            goto err;
        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
            goto err;
-        if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+        if (i2a_ASN1_OBJECT(bp, xpoid) <= 0)
            goto err;
        if (BIO_puts(bp, "\n") <= 0)
            goto err;
@@ -219,30 +220,35 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
    }

    if (!(cflag & X509_FLAG_NO_IDS)) {
-        if (ci->issuerUID) {
+        ASN1_BIT_STRING *iuid, *suid;
+        X509_get0_uids(&iuid, &suid, x);
+        if (iuid != NULL) {
            if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
                goto err;
-            if (!X509_signature_dump(bp, ci->issuerUID, 12))
+            if (!X509_signature_dump(bp, iuid, 12))
                goto err;
        }
-        if (ci->subjectUID) {
+        if (suid != NULL) {
            if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
                goto err;
-            if (!X509_signature_dump(bp, ci->subjectUID, 12))
+            if (!X509_signature_dump(bp, suid, 12))
                goto err;
        }
    }

    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
        X509V3_extensions_print(bp, "X509v3 extensions",
-                                ci->extensions, cflag, 8);
+                                X509_get0_extensions(x), cflag, 8);

    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
-        if (X509_signature_print(bp, &x->sig_alg, &x->signature) <= 0)
+        X509_ALGOR *sig_alg;
+        ASN1_BIT_STRING *sig;
+        X509_get0_signature(&sig, &sig_alg, x);
+        if (X509_signature_print(bp, sig_alg, sig) <= 0)
            goto err;
    }
    if (!(cflag & X509_FLAG_NO_AUX)) {
-        if (!X509_CERT_AUX_print(bp, x->aux, 0))
+        if (!X509_aux_print(bp, x, 0))
            goto err;
    }
    ret = 1;
@@ -258,16 +264,19 @@ int X509_ocspid_print(BIO *bp, X509 *x)
    int derlen;
    int i;
    unsigned char SHA1md[SHA_DIGEST_LENGTH];
+    ASN1_BIT_STRING *keybstr;
+    X509_NAME *subj;

    /*
     * display the hash of the subject as it would appear in OCSP requests
     */
    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
        goto err;
-    derlen = i2d_X509_NAME(x->cert_info.subject, NULL);
+    subj = X509_get_subject_name(x);
+    derlen = i2d_X509_NAME(subj, NULL);
    if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
        goto err;
-    i2d_X509_NAME(x->cert_info.subject, &dertmp);
+    i2d_X509_NAME(subj, &dertmp);

    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
        goto err;
@@ -284,8 +293,12 @@ int X509_ocspid_print(BIO *bp, X509 *x)
    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
        goto err;

-    if (!EVP_Digest(x->cert_info.key->public_key->data,
-                    x->cert_info.key->public_key->length,
+    keybstr = X509_get0_pubkey_bitstr(x);
+
+    if (keybstr == NULL)
+        goto err;
+
+    if (!EVP_Digest(ASN1_STRING_data(keybstr), ASN1_STRING_length(keybstr),
                    SHA1md, NULL, EVP_sha1(), NULL))
        goto err;
    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
@@ -347,3 +360,57 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
        return 0;
    return 1;
 }
+
+int X509_aux_print(BIO *out, X509 *x, int indent)
+{
+    char oidstr[80], first;
+    STACK_OF(ASN1_OBJECT) *trust, *reject;
+    const unsigned char *alias, *keyid;
+    int keyidlen;
+    int i;
+    if (X509_trusted(x) == 0)
+        return 1;
+    trust = X509_get0_trust_objects(x);
+    reject = X509_get0_reject_objects(x);
+    if (trust) {
+        first = 1;
+        BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof oidstr,
+                        sk_ASN1_OBJECT_value(trust, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+    if (reject) {
+        first = 1;
+        BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof oidstr,
+                        sk_ASN1_OBJECT_value(reject, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+    alias = X509_alias_get0(x, NULL);
+    if (alias)
+        BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
+    keyid = X509_keyid_get0(x, &keyidlen);
+    if (keyid) {
+        BIO_printf(out, "%*sKey Id: ", indent, "");
+        for (i = 0; i < keyidlen; i++)
+            BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]);
+        BIO_write(out, "\n", 1);
+    }
+    return 1;
+}
--- a/crypto/x509/t_x509a.c
+++ b/crypto/x509/t_x509a.c
-/* t_x509a.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include "internal/x509_int.h"
-
-/*
- * X509_CERT_AUX and string set routines
- */
-
-int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
-{
-    char oidstr[80], first;
-    int i;
-    if (!aux)
-        return 1;
-    if (aux->trust) {
-        first = 1;
-        BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
-        for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
-            if (!first)
-                BIO_puts(out, ", ");
-            else
-                first = 0;
-            OBJ_obj2txt(oidstr, sizeof oidstr,
-                        sk_ASN1_OBJECT_value(aux->trust, i), 0);
-            BIO_puts(out, oidstr);
-        }
-        BIO_puts(out, "\n");
-    } else
-        BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
-    if (aux->reject) {
-        first = 1;
-        BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
-        for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
-            if (!first)
-                BIO_puts(out, ", ");
-            else
-                first = 0;
-            OBJ_obj2txt(oidstr, sizeof oidstr,
-                        sk_ASN1_OBJECT_value(aux->reject, i), 0);
-            BIO_puts(out, oidstr);
-        }
-        BIO_puts(out, "\n");
-    } else
-        BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
-    if (aux->alias)
-        BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
-    if (aux->keyid) {
-        BIO_printf(out, "%*sKey Id: ", indent, "");
-        for (i = 0; i < aux->keyid->length; i++)
-            BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]);
-        BIO_write(out, "\n", 1);
-    }
-    return 1;
-}
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -810,6 +810,7 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
 int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
                     unsigned long cflag);
 int X509_print_fp(FILE *bp, X509 *x);
+int X509_aux_print(BIO *out, X509 *x, int indent);
 int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
 int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
@@ -823,7 +824,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
                  unsigned long cflag);
 int X509_print(BIO *bp, X509 *x);
 int X509_ocspid_print(BIO *bp, X509 *x);
-int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
 int X509_CRL_print(BIO *bp, X509_CRL *x);
 int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
                      unsigned long cflag);