From 699f1635242d509d0e47ca3132d1b5682a6a32b7 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 22 Sep 2015 23:40:01 +0100 Subject: [PATCH] Use accessors for X509_print_ex(). Print certificate details using accessor functions. Since X509_CERT_AUX_print is only used in one place and can't be used by applications (it uses an internal X509_CERT_AUX structure) this has been removed and replaced by a function X509_aux_print which takes an X509 pointer instead. Reviewed-by: Tim Hudson --- crypto/x509/Makefile | 18 +------ crypto/x509/t_x509.c | 99 +++++++++++++++++++++++++++++------ crypto/x509/t_x509a.c | 116 ----------------------------------------- include/openssl/x509.h | 2 +- 4 files changed, 86 insertions(+), 149 deletions(-) delete mode 100644 crypto/x509/t_x509a.c diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index ba0c87e9cf..bb86d44158 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -22,7 +22,7 @@ LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ x509type.c x509_lu.c x_all.c x509_txt.c \ x509_trs.c by_file.c by_dir.c x509_vpm.c \ x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \ - x_x509a.c t_x509a.c x_attrib.c x_exten.c x_name.c + x_x509a.c x_attrib.c x_exten.c x_name.c LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ x509_obj.o x509_req.o x509spki.o x509_vfy.o \ x509_set.o x509cset.o x509rset.o x509_err.o \ @@ -30,7 +30,7 @@ LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ x509type.o x509_lu.o x_all.o x509_txt.o \ x509_trs.o by_file.o by_dir.o x509_vpm.o \ x_crl.o t_crl.o x_req.o t_req.o x_x509.o t_x509.o \ - x_x509a.o t_x509a.o x_attrib.o x_exten.o x_name.o + x_x509a.o x_attrib.o x_exten.o x_name.o SRC= $(LIBSRC) @@ -145,20 +145,6 @@ t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h t_x509.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h t_x509.o: ../include/internal/x509_int.h t_x509.c -t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h -t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_x509a.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h -t_x509a.o: t_x509a.c x509_att.o: ../../e_os.h ../../include/openssl/asn1.h x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 5a73db1b8b..3a29f4082a 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -64,7 +64,6 @@ #include #include #include "internal/asn1_int.h" -#include "internal/x509_int.h" #ifndef OPENSSL_NO_STDIO int X509_print_fp(FILE *fp, X509 *x) @@ -101,7 +100,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, int ret = 0, i; char *m = NULL, mlch = ' '; int nmindent = 0; - X509_CINF *ci; ASN1_INTEGER *bs; EVP_PKEY *pkey = NULL; const char *neg; @@ -114,7 +112,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, if (nmflags == X509_FLAG_COMPAT) nmindent = 16; - ci = &x->cert_info; if (!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp, "Certificate:\n", 13) <= 0) goto err; @@ -162,7 +159,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, } if (!(cflag & X509_FLAG_NO_SIGNAME)) { - if (X509_signature_print(bp, &ci->signature, NULL) <= 0) + X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x); + if (X509_signature_print(bp, tsig_alg, NULL) <= 0) goto err; } @@ -199,11 +197,14 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, goto err; } if (!(cflag & X509_FLAG_NO_PUBKEY)) { + X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x); + ASN1_OBJECT *xpoid; + X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey); if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) goto err; if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) goto err; - if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) + if (i2a_ASN1_OBJECT(bp, xpoid) <= 0) goto err; if (BIO_puts(bp, "\n") <= 0) goto err; @@ -219,30 +220,35 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, } if (!(cflag & X509_FLAG_NO_IDS)) { - if (ci->issuerUID) { + ASN1_BIT_STRING *iuid, *suid; + X509_get0_uids(&iuid, &suid, x); + if (iuid != NULL) { if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) goto err; - if (!X509_signature_dump(bp, ci->issuerUID, 12)) + if (!X509_signature_dump(bp, iuid, 12)) goto err; } - if (ci->subjectUID) { + if (suid != NULL) { if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) goto err; - if (!X509_signature_dump(bp, ci->subjectUID, 12)) + if (!X509_signature_dump(bp, suid, 12)) goto err; } } if (!(cflag & X509_FLAG_NO_EXTENSIONS)) X509V3_extensions_print(bp, "X509v3 extensions", - ci->extensions, cflag, 8); + X509_get0_extensions(x), cflag, 8); if (!(cflag & X509_FLAG_NO_SIGDUMP)) { - if (X509_signature_print(bp, &x->sig_alg, &x->signature) <= 0) + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *sig; + X509_get0_signature(&sig, &sig_alg, x); + if (X509_signature_print(bp, sig_alg, sig) <= 0) goto err; } if (!(cflag & X509_FLAG_NO_AUX)) { - if (!X509_CERT_AUX_print(bp, x->aux, 0)) + if (!X509_aux_print(bp, x, 0)) goto err; } ret = 1; @@ -258,16 +264,19 @@ int X509_ocspid_print(BIO *bp, X509 *x) int derlen; int i; unsigned char SHA1md[SHA_DIGEST_LENGTH]; + ASN1_BIT_STRING *keybstr; + X509_NAME *subj; /* * display the hash of the subject as it would appear in OCSP requests */ if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) goto err; - derlen = i2d_X509_NAME(x->cert_info.subject, NULL); + subj = X509_get_subject_name(x); + derlen = i2d_X509_NAME(subj, NULL); if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL) goto err; - i2d_X509_NAME(x->cert_info.subject, &dertmp); + i2d_X509_NAME(subj, &dertmp); if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) goto err; @@ -284,8 +293,12 @@ int X509_ocspid_print(BIO *bp, X509 *x) if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) goto err; - if (!EVP_Digest(x->cert_info.key->public_key->data, - x->cert_info.key->public_key->length, + keybstr = X509_get0_pubkey_bitstr(x); + + if (keybstr == NULL) + goto err; + + if (!EVP_Digest(ASN1_STRING_data(keybstr), ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(), NULL)) goto err; for (i = 0; i < SHA_DIGEST_LENGTH; i++) { @@ -347,3 +360,57 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) return 0; return 1; } + +int X509_aux_print(BIO *out, X509 *x, int indent) +{ + char oidstr[80], first; + STACK_OF(ASN1_OBJECT) *trust, *reject; + const unsigned char *alias, *keyid; + int keyidlen; + int i; + if (X509_trusted(x) == 0) + return 1; + trust = X509_get0_trust_objects(x); + reject = X509_get0_reject_objects(x); + if (trust) { + first = 1; + BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); + for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { + if (!first) + BIO_puts(out, ", "); + else + first = 0; + OBJ_obj2txt(oidstr, sizeof oidstr, + sk_ASN1_OBJECT_value(trust, i), 0); + BIO_puts(out, oidstr); + } + BIO_puts(out, "\n"); + } else + BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); + if (reject) { + first = 1; + BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); + for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { + if (!first) + BIO_puts(out, ", "); + else + first = 0; + OBJ_obj2txt(oidstr, sizeof oidstr, + sk_ASN1_OBJECT_value(reject, i), 0); + BIO_puts(out, oidstr); + } + BIO_puts(out, "\n"); + } else + BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); + alias = X509_alias_get0(x, NULL); + if (alias) + BIO_printf(out, "%*sAlias: %s\n", indent, "", alias); + keyid = X509_keyid_get0(x, &keyidlen); + if (keyid) { + BIO_printf(out, "%*sKey Id: ", indent, ""); + for (i = 0; i < keyidlen; i++) + BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]); + BIO_write(out, "\n", 1); + } + return 1; +} diff --git a/crypto/x509/t_x509a.c b/crypto/x509/t_x509a.c deleted file mode 100644 index 06b227e388..0000000000 --- a/crypto/x509/t_x509a.c +++ /dev/null @@ -1,116 +0,0 @@ -/* t_x509a.c */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "internal/x509_int.h" - -/* - * X509_CERT_AUX and string set routines - */ - -int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) -{ - char oidstr[80], first; - int i; - if (!aux) - return 1; - if (aux->trust) { - first = 1; - BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); - for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { - if (!first) - BIO_puts(out, ", "); - else - first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, - sk_ASN1_OBJECT_value(aux->trust, i), 0); - BIO_puts(out, oidstr); - } - BIO_puts(out, "\n"); - } else - BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); - if (aux->reject) { - first = 1; - BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); - for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { - if (!first) - BIO_puts(out, ", "); - else - first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, - sk_ASN1_OBJECT_value(aux->reject, i), 0); - BIO_puts(out, oidstr); - } - BIO_puts(out, "\n"); - } else - BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); - if (aux->alias) - BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data); - if (aux->keyid) { - BIO_printf(out, "%*sKey Id: ", indent, ""); - for (i = 0; i < aux->keyid->length; i++) - BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]); - BIO_write(out, "\n", 1); - } - return 1; -} diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d9ad95f6d0..8ba055fffc 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -810,6 +810,7 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print_fp(FILE *bp, X509 *x); +int X509_aux_print(BIO *out, X509 *x, int indent); int X509_CRL_print_fp(FILE *bp, X509_CRL *x); int X509_REQ_print_fp(FILE *bp, X509_REQ *req); int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, @@ -823,7 +824,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp, X509 *x); int X509_ocspid_print(BIO *bp, X509 *x); -int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp, X509_CRL *x); int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); -- GitLab