authorDr. Stephen Henson <steve@openssl.org>2015-08-31 12:58:07 +0100
committerDr. Stephen Henson <steve@openssl.org>2015-08-31 20:58:33 +0100
commit124055a96e8533735b32e6af0fa7913c100ffad2 (patch)
tree1ba18c2a6162f80c8eb8514ffc3f005da879ec8d
parentbc3686dfb031445c5af9a256a46a57dc1277a190 (diff)
make X509_REQ opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r--apps/ca.c5
-rw-r--r--apps/req.c2
-rw-r--r--apps/x509.c13
-rw-r--r--crypto/asn1/t_req.c1
-rw-r--r--crypto/asn1/x_req.c1
-rw-r--r--crypto/include/internal/x509_int.h16
-rw-r--r--crypto/x509/x509_r2x.c1
-rw-r--r--crypto/x509/x509_req.c11
-rw-r--r--crypto/x509/x509rset.c4
-rw-r--r--crypto/x509/x_all.c1
-rw-r--r--crypto/x509v3/v3_skey.c1
-rw-r--r--crypto/x509v3/v3_utl.c1
-rw-r--r--include/openssl/x509.h20
13 files changed, 44 insertions, 33 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 0a8d7b7417..b93cff5619 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1479,7 +1479,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
X509_REQ_set_subject_name(req, n);
- req->req_info->enc.modified = 1;
X509_NAME_free(n);
}
@@ -1993,7 +1992,6 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
X509_REQ *req = NULL;
CONF_VALUE *cv = NULL;
NETSCAPE_SPKI *spki = NULL;
- X509_REQ_INFO *ri;
char *type, *buf;
EVP_PKEY *pktmp = NULL;
X509_NAME *n = NULL;
@@ -2037,8 +2035,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
/*
* Build up the subject name set.
*/
- ri = req->req_info;
- n = ri->subject;
+ n = X509_REQ_get_subject_name(req);
for (i = 0;; i++) {
if (sk_CONF_VALUE_num(sk) <= i)
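Review bot: `n` now aliases the request's own subject name through the getter, so any entries the loop below adds to `n` change the request without going through `X509_REQ_set_subject_name`, which is where this commit moves `enc.modified = 1`. The loop body is outside the hunk, and if `req` is freshly created in this function there is presumably no cached encoding to go stale, but that assumption should be confirmed and written down. A comment such as `/* n points into req; req is newly created, so no cached encoding needs invalidating */` would do.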
diff --git a/apps/req.c b/apps/req.c
index 9b017aa7bb..59cc6b4664 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -726,8 +726,6 @@ int req_main(int argc, char **argv)
goto end;
}
- req->req_info->enc.modified = 1;
-
if (verbose) {
print_name(bio_err, "new subject=",
X509_REQ_get_subject_name(req), nmflag);
diff --git a/apps/x509.c b/apps/x509.c
index 2fd92f4dcf..6b41a7501a 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -567,15 +567,6 @@ int x509_main(int argc, char **argv)
goto end;
}
- if ((req->req_info == NULL) ||
- (req->req_info->pubkey == NULL) ||
- (req->req_info->pubkey->public_key == NULL) ||
- (req->req_info->pubkey->public_key->data == NULL)) {
- BIO_printf(bio_err,
- "The certificate request appears to corrupted\n");
- BIO_printf(bio_err, "It does not contain a public key\n");
- goto end;
- }
if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto end;
@@ -611,9 +602,9 @@ int x509_main(int argc, char **argv)
} else if (!X509_set_serialNumber(x, sno))
goto end;
- if (!X509_set_issuer_name(x, req->req_info->subject))
+ if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
goto end;
- if (!X509_set_subject_name(x, req->req_info->subject))
+ if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
goto end;
X509_gmtime_adj(X509_get_notBefore(x), 0);
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index fd83023335..7d72e0a26f 100644
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -62,6 +62,7 @@
#include <openssl/bn.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c
index 1679a56070..102b1f6332 100644
--- a/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
@@ -60,6 +60,7 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
/*-
* X509_REQ_INFO is handled in an unusual way to get round
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 644b27d405..70abb2cd45 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -89,3 +89,19 @@ struct x509_cert_aux_st {
ASN1_OCTET_STRING *keyid; /* key id of private key */
STACK_OF(X509_ALGOR) *other; /* other unspecified info */
};
+
+struct X509_req_info_st {
+ ASN1_ENCODING enc;
+ ASN1_INTEGER *version;
+ X509_NAME *subject;
+ X509_PUBKEY *pubkey;
+ /* d=2 hl=2 l= 0 cons: cont: 00 */
+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+};
+
+struct X509_req_st {
+ X509_REQ_INFO *req_info;
+ X509_ALGOR *sig_alg;
+ ASN1_BIT_STRING *signature;
+ int references;
+};
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index d9c3cfd42b..abf75cdb7a 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -62,6 +62,7 @@
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/objects.h>
#include <openssl/buffer.h>
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index b6c46980a0..70e27b8306 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -63,6 +63,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/pem.h>
@@ -303,3 +304,13 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
return 1;
return 0;
}
+
+long X509_REQ_get_version(X509_REQ *req)
+{
+ return ASN1_INTEGER_get(req->req_info->version);
+}
+
+X509_NAME *X509_REQ_get_subject_name(X509_REQ *req)
+{
+ return req->req_info->subject;
+}
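Review bot: Both new accessors dereference `req->req_info` with no NULL check, while the setters in crypto/x509/x509rset.c in this same commit return 0 for a NULL request or a NULL `req_info`. With the struct now opaque, callers can no longer test `req->req_info` themselves, and the apps/x509.c hunk in this commit removes exactly such a check ahead of its calls to `X509_REQ_get_subject_name(req)`. Consider guarding the getter with `if (req == NULL || req->req_info == NULL) return NULL;`. A short doc comment should also state that the returned `X509_NAME` points into the request and is not the caller's to free.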
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
index cafaf75601..cf9bdfb3e0 100644
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -62,11 +62,13 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
int X509_REQ_set_version(X509_REQ *x, long version)
{
if (x == NULL)
return (0);
+ x->req_info->enc.modified = 1;
return (ASN1_INTEGER_set(x->req_info->version, version));
}
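Review bot: `X509_REQ_set_version` tests only `x == NULL` before the added `x->req_info->enc.modified = 1;`, so a request whose `req_info` is NULL is dereferenced on that line. `X509_REQ_set_subject_name` and `X509_REQ_set_pubkey` in the next two hunks both test `x->req_info == NULL` first; using the same guard here, `if ((x == NULL) || (x->req_info == NULL))`, would make the three setters consistent. In all three the flag is set before the underlying set call is known to have succeeded, which only discards the cached encoding, but a comment like `/* invalidate the cached encoding so the request is re-encoded */` would explain why the flag now lives in the setters.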
@@ -74,6 +76,7 @@ int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
{
if ((x == NULL) || (x->req_info == NULL))
return (0);
+ x->req_info->enc.modified = 1;
return (X509_NAME_set(&x->req_info->subject, name));
}
@@ -81,5 +84,6 @@ int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
{
if ((x == NULL) || (x->req_info == NULL))
return (0);
+ x->req_info->enc.modified = 1;
return (X509_PUBKEY_set(&x->req_info->pubkey, pkey));
}
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index a7ad148793..591a95188d 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -63,6 +63,7 @@
#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/ocsp.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index c0c71c0882..a1167cc2f8 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -60,6 +60,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str);
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index cd8aff291f..15029f9ba5 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -63,6 +63,7 @@
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
#include <openssl/bn.h>
static char *strip_spaces(char *name);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index ab8abcaf78..dc96a2bf99 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -166,21 +166,9 @@ typedef struct x509_attributes_st X509_ATTRIBUTE;
DECLARE_STACK_OF(X509_ATTRIBUTE)
-typedef struct X509_req_info_st {
- ASN1_ENCODING enc;
- ASN1_INTEGER *version;
- X509_NAME *subject;
- X509_PUBKEY *pubkey;
- /* d=2 hl=2 l= 0 cons: cont: 00 */
- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-} X509_REQ_INFO;
+typedef struct X509_req_info_st X509_REQ_INFO;
-typedef struct X509_req_st {
- X509_REQ_INFO *req_info;
- X509_ALGOR *sig_alg;
- ASN1_BIT_STRING *signature;
- int references;
-} X509_REQ;
+typedef struct X509_req_st X509_REQ;
typedef struct x509_cinf_st {
ASN1_INTEGER *version; /* [ 0 ] default of v1 */
@@ -508,8 +496,6 @@ extern "C" {
# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
# define X509_extract_key(x) X509_get_pubkey(x)/*****/
-# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-# define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
@@ -816,7 +802,9 @@ EVP_PKEY *X509_get_pubkey(X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
+long X509_REQ_get_version(X509_REQ *req);
int X509_REQ_set_version(X509_REQ *x, long version);
+X509_NAME *X509_REQ_get_subject_name(X509_REQ *req);
int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
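Review bot: The two new getter prototypes take a non-const `X509_REQ *req`, although their definitions in crypto/x509/x509_req.c only read from the request, and `X509_get0_pubkey_bitstr(const X509 *x)` a few lines above already takes a const-qualified argument. Declaring them as `long X509_REQ_get_version(const X509_REQ *req);` and `X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);` would let callers holding a const request use them. They replace macros of the same names removed earlier in this file, so a short comment noting that `X509_REQ_get_subject_name` no longer yields an assignable expression would help code that relied on the macro form.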