mirror of https://github.com/openssl/openssl
Constify X509_check_akid and prefer using X509_get0_serialNumber over X509_get_serialNumber
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12375)
This commit is contained in:
parent
318565b733
commit
1337a3a998
|
@ -1049,7 +1049,7 @@ end_of_options:
|
|||
for (i = 0; i < sk_X509_num(cert_sk); i++) {
|
||||
BIO *Cout = NULL;
|
||||
X509 *xi = sk_X509_value(cert_sk, i);
|
||||
ASN1_INTEGER *serialNumber = X509_get_serialNumber(xi);
|
||||
const ASN1_INTEGER *serialNumber = X509_get0_serialNumber(xi);
|
||||
const unsigned char *psn = ASN1_STRING_get0_data(serialNumber);
|
||||
const int snl = ASN1_STRING_length(serialNumber);
|
||||
const int filen_len = 2 * (snl > 0 ? snl : 1) + sizeof(".pem");
|
||||
|
@ -2113,7 +2113,7 @@ static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
|
|||
for (i = 0; i < DB_NUMBER; i++)
|
||||
row[i] = NULL;
|
||||
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
|
||||
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL);
|
||||
bn = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL);
|
||||
if (!bn)
|
||||
goto end;
|
||||
if (BN_is_zero(bn))
|
||||
|
|
|
@ -693,7 +693,7 @@ int x509_main(int argc, char **argv)
|
|||
X509_get_subject_name(x), get_nameopt());
|
||||
} else if (serial == i) {
|
||||
BIO_printf(out, "serial=");
|
||||
i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
|
||||
i2a_ASN1_INTEGER(out, X509_get0_serialNumber(x));
|
||||
BIO_printf(out, "\n");
|
||||
} else if (next_serial == i) {
|
||||
ASN1_INTEGER *ser = X509_get_serialNumber(x);
|
||||
|
|
|
@ -298,7 +298,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
|
|||
if (bodytype == OSSL_CMP_PKIBODY_KUR) {
|
||||
OSSL_CRMF_CERTID *cid =
|
||||
OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert),
|
||||
X509_get_serialNumber(refcert));
|
||||
X509_get0_serialNumber(refcert));
|
||||
int ret;
|
||||
|
||||
if (cid == NULL)
|
||||
|
@ -469,7 +469,7 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
|
|||
NULL /* pubkey would be redundant */,
|
||||
NULL /* subject would be redundant */,
|
||||
X509_get_issuer_name(ctx->oldCert),
|
||||
X509_get_serialNumber(ctx->oldCert)))
|
||||
X509_get0_serialNumber(ctx->oldCert)))
|
||||
goto err;
|
||||
|
||||
/* revocation reason code is optional */
|
||||
|
|
|
@ -553,7 +553,7 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
|
|||
ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
|
||||
if (ret)
|
||||
return ret;
|
||||
return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
|
||||
return ASN1_INTEGER_cmp(ias->serialNumber, X509_get0_serialNumber(cert));
|
||||
}
|
||||
|
||||
int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
|
||||
|
@ -573,7 +573,7 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
|
|||
goto err;
|
||||
if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
|
||||
goto err;
|
||||
if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
|
||||
if (!ASN1_STRING_copy(ias->serialNumber, X509_get0_serialNumber(cert)))
|
||||
goto err;
|
||||
M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
|
||||
*pias = ias;
|
||||
|
|
|
@ -89,7 +89,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
|
|||
name = NULL; /* Ownership is lost. */
|
||||
ASN1_INTEGER_free(cid->issuer_serial->serial);
|
||||
if ((cid->issuer_serial->serial =
|
||||
ASN1_INTEGER_dup(X509_get_serialNumber(cert))) == NULL)
|
||||
ASN1_INTEGER_dup(X509_get0_serialNumber(cert))) == NULL)
|
||||
goto err;
|
||||
|
||||
return cid;
|
||||
|
@ -183,7 +183,7 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
|
|||
goto err;
|
||||
name = NULL; /* Ownership is lost. */
|
||||
ASN1_INTEGER_free(cid->issuer_serial->serial);
|
||||
cid->issuer_serial->serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
|
||||
cid->issuer_serial->serial = ASN1_INTEGER_dup(X509_get0_serialNumber(cert));
|
||||
if (cid->issuer_serial->serial == NULL)
|
||||
goto err;
|
||||
|
||||
|
|
|
@ -354,7 +354,7 @@ static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
|
|||
X509_get_issuer_name(pcert));
|
||||
if (ret)
|
||||
return ret;
|
||||
return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert),
|
||||
return ASN1_INTEGER_cmp(X509_get0_serialNumber(pcert),
|
||||
ri->issuer_and_serial->serial);
|
||||
}
|
||||
|
||||
|
|
|
@ -324,7 +324,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
|
|||
*/
|
||||
ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
|
||||
if (!(p7i->issuer_and_serial->serial =
|
||||
ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
|
||||
ASN1_INTEGER_dup(X509_get0_serialNumber(x509))))
|
||||
goto err;
|
||||
|
||||
/* lets keep the pkey around for a while */
|
||||
|
@ -477,7 +477,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
|
|||
|
||||
ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
|
||||
if (!(p7i->issuer_and_serial->serial =
|
||||
ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
|
||||
ASN1_INTEGER_dup(X509_get0_serialNumber(x509))))
|
||||
return 0;
|
||||
|
||||
pkey = X509_get0_pubkey(x509);
|
||||
|
|
|
@ -55,7 +55,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
|
|||
int ret = 0, i;
|
||||
char *m = NULL, mlch = ' ';
|
||||
int nmindent = 0;
|
||||
ASN1_INTEGER *bs;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
const char *neg;
|
||||
|
||||
|
@ -84,11 +83,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
|
|||
}
|
||||
}
|
||||
if (!(cflag & X509_FLAG_NO_SERIAL)) {
|
||||
const ASN1_INTEGER *bs = X509_get0_serialNumber(x);
|
||||
|
||||
if (BIO_write(bp, " Serial Number:", 22) <= 0)
|
||||
goto err;
|
||||
|
||||
bs = X509_get_serialNumber(x);
|
||||
if (bs->length <= (int)sizeof(long)) {
|
||||
ERR_set_mark();
|
||||
l = ASN1_INTEGER_get(bs);
|
||||
|
|
|
@ -132,7 +132,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
|
|||
|
||||
if ((issuer && !ikeyid) || (issuer == 2)) {
|
||||
isname = X509_NAME_dup(X509_get_issuer_name(cert));
|
||||
serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
|
||||
serial = ASN1_INTEGER_dup(X509_get0_serialNumber(cert));
|
||||
if (!isname || !serial) {
|
||||
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
|
||||
X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
|
||||
|
|
|
@ -899,7 +899,7 @@ int X509_check_issued(X509 *issuer, X509 *subject)
|
|||
return x509_check_issued_int(issuer, subject, NULL, NULL);
|
||||
}
|
||||
|
||||
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
|
||||
int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid)
|
||||
{
|
||||
if (akid == NULL)
|
||||
return X509_V_OK;
|
||||
|
@ -910,7 +910,7 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
|
|||
return X509_V_ERR_AKID_SKID_MISMATCH;
|
||||
/* Check serial number */
|
||||
if (akid->serial &&
|
||||
ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
|
||||
ASN1_INTEGER_cmp(X509_get0_serialNumber(issuer), akid->serial))
|
||||
return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
|
||||
/* Check issuer name */
|
||||
if (akid->issuer) {
|
||||
|
|
|
@ -370,7 +370,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
|
|||
{
|
||||
if (crl->meth->crl_lookup)
|
||||
return crl->meth->crl_lookup(crl, ret,
|
||||
X509_get_serialNumber(x),
|
||||
X509_get0_serialNumber(x),
|
||||
X509_get_issuer_name(x));
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -667,7 +667,7 @@ int X509_check_purpose(X509 *x, int id, int ca);
|
|||
int X509_supported_extension(X509_EXTENSION *ex);
|
||||
int X509_PURPOSE_set(int *p, int purpose);
|
||||
int X509_check_issued(X509 *issuer, X509 *subject);
|
||||
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
|
||||
int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid);
|
||||
void X509_set_proxy_flag(X509 *x);
|
||||
void X509_set_proxy_pathlen(X509 *x, long l);
|
||||
long X509_get_proxy_pathlen(X509 *x);
|
||||
|
|
Loading…
Reference in New Issue