authorDavid Benjamin <davidben@chromium.org>2021-03-05 15:00:24 -0500
committerCommit Bot <commit-bot@chromium.org>2021-03-05 21:35:08 +0000
commit4c03793ebf20af9cae9c096320e3efe73f0733f3 (patch)
treeb526553b1cd0988f3fbc8955416f9748e6f64b1c
parent17cbee80d86c0354fc86f2a6b9592f272b43e38f (diff)
Fix a few more X509 struct accesses
I missed these earlier. Change-Id: I53873874f850193839003c8cb812a0bf68074453 Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/2740099 Reviewed-by: Brandon Tolsch <btolsch@chromium.org> Commit-Queue: Brandon Tolsch <btolsch@chromium.org>
-rw-r--r--cast/common/certificate/cast_crl.cc11
-rw-r--r--cast/test/make_crl_tests.cc6
-rw-r--r--util/crypto/certificate_utils.cc15
-rw-r--r--util/crypto/certificate_utils.h2
4 files changed, 19 insertions, 15 deletions
diff --git a/cast/common/certificate/cast_crl.cc b/cast/common/certificate/cast_crl.cc
index c7635a4f..aa269df5 100644
--- a/cast/common/certificate/cast_crl.cc
+++ b/cast/common/certificate/cast_crl.cc
@@ -107,14 +107,15 @@ bool VerifyCRL(const Crl& crl,
// (excluding trust anchor). No intermediates are provided above, so this
// just amounts to |signer_cert| vs. |not_after_seconds|.
*overall_not_after = not_after;
- ASN1_GENERALIZEDTIME* not_after_asn1 = ASN1_TIME_to_generalizedtime(
- result_path.target_cert->cert_info->validity->notAfter, nullptr);
+ bssl::UniquePtr<ASN1_GENERALIZEDTIME> not_after_asn1{
+ ASN1_TIME_to_generalizedtime(
+ X509_get0_notAfter(result_path.target_cert.get()), nullptr)};
if (!not_after_asn1) {
return false;
}
DateTime cert_not_after;
- bool time_valid = ParseAsn1GeneralizedTime(not_after_asn1, &cert_not_after);
- ASN1_GENERALIZEDTIME_free(not_after_asn1);
+ bool time_valid =
+ ParseAsn1GeneralizedTime(not_after_asn1.get(), &cert_not_after);
if (!time_valid) {
return false;
}
@@ -199,7 +200,7 @@ bool CastCRL::CheckRevocation(const std::vector<X509*>& trusted_chain,
// Only Google generated device certificates will be revoked by range.
// These will always be less than 64 bits in length.
ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(subordinate->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(subordinate));
if (!maybe_serial) {
continue;
}
diff --git a/cast/test/make_crl_tests.cc b/cast/test/make_crl_tests.cc
index 9017395c..d6b83ec3 100644
--- a/cast/test/make_crl_tests.cc
+++ b/cast/test/make_crl_tests.cc
@@ -54,7 +54,7 @@ TbsCrl MakeTbsCrl(uint64_t not_before,
// NOTE: Include default serial number range at device-level, which should not
// include any of our certs.
ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(device_cert->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(device_cert));
OSP_DCHECK(maybe_serial);
uint64_t serial = maybe_serial.value();
OSP_DCHECK_LE(serial, UINT64_MAX - 200);
@@ -178,7 +178,7 @@ int CastMain() {
TbsCrl tbs_crl = MakeTbsCrl(not_before.count(), not_after.count(),
device_cert.get(), inter_cert.get());
ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(inter_cert->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(inter_cert.get()));
OSP_DCHECK(maybe_serial);
uint64_t serial = maybe_serial.value();
OSP_DCHECK_GE(serial, 10);
@@ -193,7 +193,7 @@ int CastMain() {
TbsCrl tbs_crl = MakeTbsCrl(not_before.count(), not_after.count(),
device_cert.get(), inter_cert.get());
ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(device_cert->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(device_cert.get()));
OSP_DCHECK(maybe_serial);
uint64_t serial = maybe_serial.value();
OSP_DCHECK_GE(serial, 10);
diff --git a/util/crypto/certificate_utils.cc b/util/crypto/certificate_utils.cc
index a9b7d9ad..f5018042 100644
--- a/util/crypto/certificate_utils.cc
+++ b/util/crypto/certificate_utils.cc
@@ -218,25 +218,28 @@ ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey(
}
std::string GetSpkiTlv(X509* cert) {
- int len = i2d_X509_PUBKEY(cert->cert_info->key, nullptr);
+ X509_PUBKEY* key = X509_get_X509_PUBKEY(cert);
+ int len = i2d_X509_PUBKEY(key, nullptr);
if (len <= 0) {
return {};
}
std::string x(len, 0);
uint8_t* data = reinterpret_cast<uint8_t*>(&x[0]);
- if (!i2d_X509_PUBKEY(cert->cert_info->key, &data)) {
+ if (!i2d_X509_PUBKEY(key, &data)) {
return {};
}
return x;
}
-ErrorOr<uint64_t> ParseDerUint64(ASN1_INTEGER* asn1int) {
- if (asn1int->length > 8 || asn1int->length == 0) {
+ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int) {
+ const uint8_t* data = ASN1_STRING_get0_data(asn1int);
+ int length = ASN1_STRING_length(asn1int);
+ if (length > 8 || length <= 0) {
return Error::Code::kParameterInvalid;
}
uint64_t result = 0;
- for (int i = 0; i < asn1int->length; ++i) {
- result = (result << 8) | asn1int->data[i];
+ for (int i = 0; i < length; ++i) {
+ result = (result << 8) | data[i];
}
return result;
}
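Review bot: ParseDerUint64 now reads the magnitude bytes through ASN1_STRING_get0_data/ASN1_STRING_length but never looks at the sign, so a negative ASN1_INTEGER comes back as its absolute value. CheckRevocation in cast_crl.cc appears to use this result for the serial-range revocation check, so I would reject that case before the loop with `if (ASN1_STRING_type(asn1int) == V_ASN1_NEG_INTEGER) return Error::Code::kParameterInvalid;`. Separately, in GetSpkiTlv the second call is tested with `!i2d_X509_PUBKEY(key, &data)`, which lets a negative error return through and hands back the zero-filled buffer as if it were the SPKI. `if (i2d_X509_PUBKEY(key, &data) != len)` would be consistent with the `len <= 0` check on the first call.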
diff --git a/util/crypto/certificate_utils.h b/util/crypto/certificate_utils.h
index 22da0330..6d9a08fd 100644
--- a/util/crypto/certificate_utils.h
+++ b/util/crypto/certificate_utils.h
@@ -52,7 +52,7 @@ ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey(
std::string GetSpkiTlv(X509* cert);
-ErrorOr<uint64_t> ParseDerUint64(ASN1_INTEGER* asn1int);
+ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int);
} // namespace openscreen