Fix a few more X509 struct accesses
I missed these earlier.
Change-Id: I53873874f850193839003c8cb812a0bf68074453
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/2740099
Reviewed-by: Brandon Tolsch <btolsch@chromium.org>
Commit-Queue: Brandon Tolsch <btolsch@chromium.org>
diff --git a/cast/common/certificate/cast_crl.cc b/cast/common/certificate/cast_crl.cc
index c7635a4..aa269df 100644
--- a/cast/common/certificate/cast_crl.cc
+++ b/cast/common/certificate/cast_crl.cc
@@ -107,14 +107,15 @@
// (excluding trust anchor). No intermediates are provided above, so this
// just amounts to |signer_cert| vs. |not_after_seconds|.
*overall_not_after = not_after;
- ASN1_GENERALIZEDTIME* not_after_asn1 = ASN1_TIME_to_generalizedtime(
- result_path.target_cert->cert_info->validity->notAfter, nullptr);
+ bssl::UniquePtr<ASN1_GENERALIZEDTIME> not_after_asn1{
+ ASN1_TIME_to_generalizedtime(
+ X509_get0_notAfter(result_path.target_cert.get()), nullptr)};
if (!not_after_asn1) {
return false;
}
DateTime cert_not_after;
- bool time_valid = ParseAsn1GeneralizedTime(not_after_asn1, &cert_not_after);
- ASN1_GENERALIZEDTIME_free(not_after_asn1);
+ bool time_valid =
+ ParseAsn1GeneralizedTime(not_after_asn1.get(), &cert_not_after);
if (!time_valid) {
return false;
}
@@ -199,7 +200,7 @@
// Only Google generated device certificates will be revoked by range.
// These will always be less than 64 bits in length.
ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(subordinate->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(subordinate));
if (!maybe_serial) {
continue;
}
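Review bot: A subordinate certificate whose serial fails `ParseDerUint64` (empty, or longer than 8 bytes) hits `continue` and, as far as this hunk shows, is never compared against the revoked serial ranges, so the range check fails open for such serials. The existing comment explains why Google-generated device certificates are expected to fit in 64 bits, but it does not say that the skip is deliberate. I would extend it with something like `// A serial that does not fit in 64 bits cannot match a revoked range, so it is skipped.`, or treat the parse failure as a rejection if that assumption is not guaranteed for every chain that reaches this code. The loop starts and ends outside the hunk, so this should be confirmed against the full function.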
diff --git a/cast/test/make_crl_tests.cc b/cast/test/make_crl_tests.cc
index 9017395..d6b83ec 100644
--- a/cast/test/make_crl_tests.cc
+++ b/cast/test/make_crl_tests.cc
@@ -54,7 +54,7 @@
// NOTE: Include default serial number range at device-level, which should not
// include any of our certs.
ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(device_cert->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(device_cert));
OSP_DCHECK(maybe_serial);
uint64_t serial = maybe_serial.value();
OSP_DCHECK_LE(serial, UINT64_MAX - 200);
@@ -178,7 +178,7 @@
TbsCrl tbs_crl = MakeTbsCrl(not_before.count(), not_after.count(),
device_cert.get(), inter_cert.get());
ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(inter_cert->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(inter_cert.get()));
OSP_DCHECK(maybe_serial);
uint64_t serial = maybe_serial.value();
OSP_DCHECK_GE(serial, 10);
@@ -193,7 +193,7 @@
TbsCrl tbs_crl = MakeTbsCrl(not_before.count(), not_after.count(),
device_cert.get(), inter_cert.get());
ErrorOr<uint64_t> maybe_serial =
- ParseDerUint64(device_cert->cert_info->serialNumber);
+ ParseDerUint64(X509_get0_serialNumber(device_cert.get()));
OSP_DCHECK(maybe_serial);
uint64_t serial = maybe_serial.value();
OSP_DCHECK_GE(serial, 10);
diff --git a/util/crypto/certificate_utils.cc b/util/crypto/certificate_utils.cc
index a9b7d9a..f501804 100644
--- a/util/crypto/certificate_utils.cc
+++ b/util/crypto/certificate_utils.cc
@@ -218,25 +218,28 @@
}
std::string GetSpkiTlv(X509* cert) {
- int len = i2d_X509_PUBKEY(cert->cert_info->key, nullptr);
+ X509_PUBKEY* key = X509_get_X509_PUBKEY(cert);
+ int len = i2d_X509_PUBKEY(key, nullptr);
if (len <= 0) {
return {};
}
std::string x(len, 0);
uint8_t* data = reinterpret_cast<uint8_t*>(&x[0]);
- if (!i2d_X509_PUBKEY(cert->cert_info->key, &data)) {
+ if (!i2d_X509_PUBKEY(key, &data)) {
return {};
}
return x;
}
-ErrorOr<uint64_t> ParseDerUint64(ASN1_INTEGER* asn1int) {
- if (asn1int->length > 8 || asn1int->length == 0) {
+ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int) {
+ const uint8_t* data = ASN1_STRING_get0_data(asn1int);
+ int length = ASN1_STRING_length(asn1int);
+ if (length > 8 || length <= 0) {
return Error::Code::kParameterInvalid;
}
uint64_t result = 0;
- for (int i = 0; i < asn1int->length; ++i) {
- result = (result << 8) | asn1int->data[i];
+ for (int i = 0; i < length; ++i) {
+ result = (result << 8) | data[i];
}
return result;
}
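Review bot: The second `i2d_X509_PUBKEY` call in `GetSpkiTlv` is tested with `!`, but i2d functions report failure with a negative value, so an encoding error there would return the `len`-byte buffer (possibly only partly written) instead of an empty string. `if (i2d_X509_PUBKEY(key, &data) != len) {` would match the `len <= 0` check on the first call. In `ParseDerUint64`, the bytes from `ASN1_STRING_get0_data` hold only the magnitude, so a negative serial (type `V_ASN1_NEG_INTEGER`) is returned as its absolute value. Since the result feeds the CRL serial-range comparison, returning `kParameterInvalid` for negative values would be safer. If the BoringSSL revision in use provides `ASN1_INTEGER_get_uint64`, it covers both the sign and the length check.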
diff --git a/util/crypto/certificate_utils.h b/util/crypto/certificate_utils.h
index 22da033..6d9a08f 100644
--- a/util/crypto/certificate_utils.h
+++ b/util/crypto/certificate_utils.h
@@ -52,7 +52,7 @@
std::string GetSpkiTlv(X509* cert);
-ErrorOr<uint64_t> ParseDerUint64(ASN1_INTEGER* asn1int);
+ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int);
} // namespace openscreen