author | David Benjamin <davidben@chromium.org> | 2021-03-05 15:00:24 -0500 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-03-05 21:35:08 +0000 |
commit | 4c03793ebf20af9cae9c096320e3efe73f0733f3 (patch) | |
tree | b526553b1cd0988f3fbc8955416f9748e6f64b1c | |
parent | 17cbee80d86c0354fc86f2a6b9592f272b43e38f (diff) | |
download | openscreen-4c03793ebf20af9cae9c096320e3efe73f0733f3.tar.gz |
Fix a few more X509 struct accesses
I missed these earlier.
Change-Id: I53873874f850193839003c8cb812a0bf68074453
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/2740099
Reviewed-by: Brandon Tolsch <btolsch@chromium.org>
Commit-Queue: Brandon Tolsch <btolsch@chromium.org>
-rw-r--r-- | cast/common/certificate/cast_crl.cc | 11 | ||||
-rw-r--r-- | cast/test/make_crl_tests.cc | 6 | ||||
-rw-r--r-- | util/crypto/certificate_utils.cc | 15 | ||||
-rw-r--r-- | util/crypto/certificate_utils.h | 2 |
4 files changed, 19 insertions, 15 deletions
diff --git a/cast/common/certificate/cast_crl.cc b/cast/common/certificate/cast_crl.cc
index c7635a4f..aa269df5 100644
--- a/cast/common/certificate/cast_crl.cc
+++ b/cast/common/certificate/cast_crl.cc
@@ -107,14 +107,15 @@ bool VerifyCRL(const Crl& crl,
 // (excluding trust anchor). No intermediates are provided above, so this
 // just amounts to |signer_cert| vs. |not_after_seconds|.
 *overall_not_after = not_after;
- ASN1_GENERALIZEDTIME* not_after_asn1 = ASN1_TIME_to_generalizedtime(
- result_path.target_cert->cert_info->validity->notAfter, nullptr);
+ bssl::UniquePtr<ASN1_GENERALIZEDTIME> not_after_asn1{
+ ASN1_TIME_to_generalizedtime(
+ X509_get0_notAfter(result_path.target_cert.get()), nullptr)};
 if (!not_after_asn1) {
 return false;
 }
 DateTime cert_not_after;
- bool time_valid = ParseAsn1GeneralizedTime(not_after_asn1, &cert_not_after);
- ASN1_GENERALIZEDTIME_free(not_after_asn1);
+ bool time_valid =
+ ParseAsn1GeneralizedTime(not_after_asn1.get(), &cert_not_after);
 if (!time_valid) {
 return false;
 }
@@ -199,7 +200,7 @@ bool CastCRL::CheckRevocation(const std::vector<X509*>& trusted_chain,
 // Only Google generated device certificates will be revoked by range.
 // These will always be less than 64 bits in length.
 ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(subordinate->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(subordinate));
 if (!maybe_serial) {
 continue;
 }
diff --git a/cast/test/make_crl_tests.cc b/cast/test/make_crl_tests.cc
index 9017395c..d6b83ec3 100644
--- a/cast/test/make_crl_tests.cc
+++ b/cast/test/make_crl_tests.cc
@@ -54,7 +54,7 @@ TbsCrl MakeTbsCrl(uint64_t not_before,
 // NOTE: Include default serial number range at device-level, which should not
 // include any of our certs.
 ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(device_cert->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(device_cert));
 OSP_DCHECK(maybe_serial);
 uint64_t serial = maybe_serial.value();
 OSP_DCHECK_LE(serial, UINT64_MAX - 200);
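Review bot: In MakeTbsCrl (cast/test/make_crl_tests.cc) the result of ParseDerUint64 is guarded only by `OSP_DCHECK(maybe_serial);` before `maybe_serial.value()` is read, and the two CastMain hunks at -178 and -193 follow the same pattern. If OSP_DCHECK compiles out in non-debug builds, as the name suggests, a certificate whose serial does not fit in 64 bits would reach `.value()` on an error result and the tool could emit CRL test data built from a bogus serial. Since this is a generator whose output other tests trust, an unconditional check such as `OSP_CHECK(maybe_serial);` would make the failure visible in every build. MakeTbsCrl and CastMain both continue outside the hunks.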
@@ -178,7 +178,7 @@ int CastMain() { TbsCrl tbs_crl = MakeTbsCrl(not_before.count(), not_after.count(), device_cert.get(), inter_cert.get()); ErrorOr<uint64_t> maybe_serial = - ParseDerUint64(inter_cert->cert_info->serialNumber); + ParseDerUint64(X509_get0_serialNumber(inter_cert.get())); OSP_DCHECK(maybe_serial); uint64_t serial = maybe_serial.value(); OSP_DCHECK_GE(serial, 10); @@ -193,7 +193,7 @@ int CastMain() { TbsCrl tbs_crl = MakeTbsCrl(not_before.count(), not_after.count(), device_cert.get(), inter_cert.get()); ErrorOr<uint64_t> maybe_serial = - ParseDerUint64(device_cert->cert_info->serialNumber); + ParseDerUint64(X509_get0_serialNumber(device_cert.get())); OSP_DCHECK(maybe_serial); uint64_t serial = maybe_serial.value(); OSP_DCHECK_GE(serial, 10); diff --git a/util/crypto/certificate_utils.cc b/util/crypto/certificate_utils.cc index a9b7d9ad..f5018042 100644 --- a/util/crypto/certificate_utils.cc +++ b/util/crypto/certificate_utils.cc 
@@ -218,25 +218,28 @@ ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey( } std::string GetSpkiTlv(X509* cert) { - int len = i2d_X509_PUBKEY(cert->cert_info->key, nullptr); + X509_PUBKEY* key = X509_get_X509_PUBKEY(cert); + int len = i2d_X509_PUBKEY(key, nullptr); if (len <= 0) { return {}; } std::string x(len, 0); uint8_t* data = reinterpret_cast<uint8_t*>(&x[0]); - if (!i2d_X509_PUBKEY(cert->cert_info->key, &data)) { + if (!i2d_X509_PUBKEY(key, &data)) { return {}; } return x; } -ErrorOr<uint64_t> ParseDerUint64(ASN1_INTEGER* asn1int) { - if (asn1int->length > 8 || asn1int->length == 0) { +ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int) { + const uint8_t* data = ASN1_STRING_get0_data(asn1int); + int length = ASN1_STRING_length(asn1int); + if (length > 8 || length <= 0) { return Error::Code::kParameterInvalid; } uint64_t result = 0; - for (int i = 0; i < asn1int->length; ++i) { - result = (result << 8) | asn1int->data[i]; + for (int i = 0; i < length; ++i) { + result = (result << 8) | data[i]; } return result; } diff --git a/util/crypto/certificate_utils.h b/util/crypto/certificate_utils.h index 22da0330..6d9a08fd 100644 --- a/util/crypto/certificate_utils.h +++ b/util/crypto/certificate_utils.h @@ -52,7 +52,7 @@ ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey( std::string GetSpkiTlv(X509* cert); -ErrorOr<uint64_t> ParseDerUint64(ASN1_INTEGER* asn1int); +ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int); } // namespace openscreen |
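Review bot: In GetSpkiTlv the second encode call is still tested with `!i2d_X509_PUBKEY(key, &data)`, which catches a return of 0 but not a negative one, even though the sizing call just above treats `len <= 0` as failure. If the encode step returned a negative value, the function would hand back the zero-filled buffer as though it were the certificate's SPKI, and anything hashing or comparing that value would work on wrong data without noticing. Comparing against the length already computed closes the gap: `if (i2d_X509_PUBKEY(key, &data) != len) { return {}; }`.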
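Review bot: The declaration of ParseDerUint64 in certificate_utils.h carries no comment, so the contract that CastCRL::CheckRevocation relies on for serial-range revocation is not written down anywhere a caller would look. I would add above it `// Returns the big-endian value of |asn1int|'s content bytes; fails with kParameterInvalid when it is empty or longer than 8 bytes. The sign is not examined.` As far as I know the library records an INTEGER's sign in the string's type rather than in its bytes, so a negative serial would come back as its magnitude; if that should be rejected, `if (ASN1_STRING_type(asn1int) == V_ASN1_NEG_INTEGER) return Error::Code::kParameterInvalid;` in the .cc body would do it.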