make X509_REQ opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/apps/ca.c b/apps/ca.c index 0a8d7b7..b93cff5 100644 --- a/apps/ca.c +++ b/apps/ca.c
@@ -1479,7 +1479,6 @@ goto end; } X509_REQ_set_subject_name(req, n); - req->req_info->enc.modified = 1; X509_NAME_free(n); } @@ -1993,7 +1992,6 @@ X509_REQ *req = NULL; CONF_VALUE *cv = NULL; NETSCAPE_SPKI *spki = NULL; - X509_REQ_INFO *ri; char *type, *buf; EVP_PKEY *pktmp = NULL; X509_NAME *n = NULL; @@ -2037,8 +2035,7 @@ /* * Build up the subject name set. */ - ri = req->req_info; - n = ri->subject; + n = X509_REQ_get_subject_name(req); for (i = 0;; i++) { if (sk_CONF_VALUE_num(sk) <= i)
diff --git a/apps/req.c b/apps/req.c index 9b017aa..59cc6b4 100644 --- a/apps/req.c +++ b/apps/req.c
@@ -726,8 +726,6 @@ goto end; } - req->req_info->enc.modified = 1; - if (verbose) { print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
diff --git a/apps/x509.c b/apps/x509.c index 2fd92f4..6b41a75 100644 --- a/apps/x509.c +++ b/apps/x509.c
@@ -567,15 +567,6 @@ goto end; } - if ((req->req_info == NULL) || - (req->req_info->pubkey == NULL) || - (req->req_info->pubkey->public_key == NULL) || - (req->req_info->pubkey->public_key->data == NULL)) { - BIO_printf(bio_err, - "The certificate request appears to corrupted\n"); - BIO_printf(bio_err, "It does not contain a public key\n"); - goto end; - } if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto end; @@ -611,9 +602,9 @@ } else if (!X509_set_serialNumber(x, sno)) goto end; - if (!X509_set_issuer_name(x, req->req_info->subject)) + if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) goto end; - if (!X509_set_subject_name(x, req->req_info->subject)) + if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req))) goto end; X509_gmtime_adj(X509_get_notBefore(x), 0);
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index fd83023..7d72e0a 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c
@@ -62,6 +62,7 @@ #include <openssl/bn.h> #include <openssl/objects.h> #include <openssl/x509.h> +#include "internal/x509_int.h" #include <openssl/x509v3.h> #ifndef OPENSSL_NO_RSA # include <openssl/rsa.h>
diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c index 1679a56..102b1f6 100644 --- a/crypto/asn1/x_req.c +++ b/crypto/asn1/x_req.c
@@ -60,6 +60,7 @@ #include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/x509.h> +#include "internal/x509_int.h" /*- * X509_REQ_INFO is handled in an unusual way to get round
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index 644b27d..70abb2c 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h
@@ -89,3 +89,19 @@ ASN1_OCTET_STRING *keyid; /* key id of private key */ STACK_OF(X509_ALGOR) *other; /* other unspecified info */ }; + +struct X509_req_info_st { + ASN1_ENCODING enc; + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + /* d=2 hl=2 l= 0 cons: cont: 00 */ + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +}; + +struct X509_req_st { + X509_REQ_INFO *req_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; +};
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index d9c3cfd..abf75cd 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c
@@ -62,6 +62,7 @@ #include <openssl/evp.h> #include <openssl/asn1.h> #include <openssl/x509.h> +#include "internal/x509_int.h" #include <openssl/objects.h> #include <openssl/buffer.h>
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index b6c4698..70e27b8 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c
@@ -63,6 +63,7 @@ #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/x509.h> +#include "internal/x509_int.h" #include <openssl/objects.h> #include <openssl/buffer.h> #include <openssl/pem.h> @@ -303,3 +304,13 @@ return 1; return 0; } + +long X509_REQ_get_version(X509_REQ *req) +{ + return ASN1_INTEGER_get(req->req_info->version); +} + +X509_NAME *X509_REQ_get_subject_name(X509_REQ *req) +{ + return req->req_info->subject; +}
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c index cafaf75..cf9bdfb 100644 --- a/crypto/x509/x509rset.c +++ b/crypto/x509/x509rset.c
@@ -62,11 +62,13 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/x509.h> +#include "internal/x509_int.h" int X509_REQ_set_version(X509_REQ *x, long version) { if (x == NULL) return (0); + x->req_info->enc.modified = 1; return (ASN1_INTEGER_set(x->req_info->version, version)); } @@ -74,6 +76,7 @@ { if ((x == NULL) || (x->req_info == NULL)) return (0); + x->req_info->enc.modified = 1; return (X509_NAME_set(&x->req_info->subject, name)); } @@ -81,5 +84,6 @@ { if ((x == NULL) || (x->req_info == NULL)) return (0); + x->req_info->enc.modified = 1; return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); }
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index a7ad148..591a951 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c
@@ -63,6 +63,7 @@ #include <openssl/asn1.h> #include <openssl/evp.h> #include <openssl/x509.h> +#include "internal/x509_int.h" #include <openssl/ocsp.h> #ifndef OPENSSL_NO_RSA # include <openssl/rsa.h>
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index c0c71c0..a1167cc 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c
@@ -60,6 +60,7 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/x509v3.h> +#include "internal/x509_int.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index cd8aff2..15029f9 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c
@@ -63,6 +63,7 @@ #include "internal/cryptlib.h" #include <openssl/conf.h> #include <openssl/x509v3.h> +#include "internal/x509_int.h" #include <openssl/bn.h> static char *strip_spaces(char *name);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index ab8abca..dc96a2b 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h
@@ -166,21 +166,9 @@ DECLARE_STACK_OF(X509_ATTRIBUTE) -typedef struct X509_req_info_st { - ASN1_ENCODING enc; - ASN1_INTEGER *version; - X509_NAME *subject; - X509_PUBKEY *pubkey; - /* d=2 hl=2 l= 0 cons: cont: 00 */ - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -} X509_REQ_INFO; +typedef struct X509_req_info_st X509_REQ_INFO; -typedef struct X509_req_st { - X509_REQ_INFO *req_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; -} X509_REQ; +typedef struct X509_req_st X509_REQ; typedef struct x509_cinf_st { ASN1_INTEGER *version; /* [ 0 ] default of v1 */ @@ -508,8 +496,6 @@ # define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) # define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) # define X509_extract_key(x) X509_get_pubkey(x)/*****/ -# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) -# define X509_REQ_get_subject_name(x) ((x)->req_info->subject) # define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) # define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) # define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) @@ -816,7 +802,9 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ ); +long X509_REQ_get_version(X509_REQ *req); int X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(X509_REQ *req); int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);