
Commit 40a5181

Jakujefrankmorgner
authored andcommitted
OpenSSL 4 compatibility
Based on patch from Simo: https://src.fedoraproject.org/rpms/openpace/pull-request/2
1 parent ea2e607 commit 40a5181

6 files changed

Lines changed: 100 additions & 87 deletions


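--- a/src/cv_cert.c
+++ b/src/cv_cert.c
@@ -413,7 +413,8 @@ CVC_verify_signature(const CVC_CERT *cert, int protocol, EVP_PKEY *key)
 body_buf = BUF_MEM_create_init(body, (size_t) body_len);
 
 /* Get signature from certificate and convert it to a X9.62 representation */
-signature = BUF_MEM_create_init(cert->signature->data, cert->signature->length);
+signature = BUF_MEM_create_init(ASN1_STRING_get0_data(cert->signature),
+ASN1_STRING_length(cert->signature));
 
 r = EAC_verify(protocol, key, signature, body_buf);
 
@@ -468,12 +469,12 @@ enum cvc_terminal_role
 CVC_get_role(const CVC_CHAT *chat)
 {
 if (!chat || !chat->relative_authorization
-|| !chat->relative_authorization->data
-|| chat->relative_authorization->length < 1)
+|| !ASN1_STRING_get0_data(chat->relative_authorization)
+|| ASN1_STRING_length(chat->relative_authorization) < 1)
 return -1;
 
 /* The left most bits encode the terminal type */
-return (chat->relative_authorization->data[0] >> 6) & 3;
+return (ASN1_STRING_get0_data(chat->relative_authorization)[0] >> 6) & 3;
 }
 
 EVP_PKEY *
@@ -549,9 +550,11 @@ CVC_pubkey2rsa(const CVC_PUBKEY *public_key, EVP_PKEY *out)
 goto err;
 
 check(RSA_set0_key(rsa,
-BN_bin2bn(public_key->cont1->data, public_key->cont1->length,
+BN_bin2bn(ASN1_STRING_get0_data(public_key->cont1),
+ASN1_STRING_length(public_key->cont1),
 NULL),
-BN_bin2bn(public_key->cont2->data, public_key->cont2->length,
+BN_bin2bn(ASN1_STRING_get0_data(public_key->cont2),
+ASN1_STRING_length(public_key->cont2),
 NULL), NULL),
 "Internal error");
 
@@ -617,8 +620,8 @@ CVC_pubkey2eckey(int all_parameters, const CVC_PUBKEY *public_key,
 point = EC_POINT_new(group);
 check(point
 && EC_POINT_oct2point(group, point,
-public_key->cont6->data,
-public_key->cont6->length,
+ASN1_STRING_get0_data(public_key->cont6),
+ASN1_STRING_length(public_key->cont6),
 bn_ctx)
 && EC_KEY_set_public_key(ec, point)
 && EC_KEY_check_key(ec),
@@ -737,7 +740,8 @@ CVC_verify_request_signature(const CVC_CERT_REQUEST *request)
 body_buf = BUF_MEM_create_init(body, (size_t) body_len);
 
 /* Get signature from certificate and convert it to a X9.62 representation */
-inner_signature = BUF_MEM_create_init(request->inner_signature->data, request->inner_signature->length);
+inner_signature = BUF_MEM_create_init(ASN1_STRING_get0_data(request->inner_signature),
+ASN1_STRING_length(request->inner_signature));
 
 r = EAC_verify(nid, key, inner_signature, body_buf);
 
@@ -771,8 +775,8 @@ CVC_verify_authentication_request_signatures(EAC_CTX *ctx,
 
 /* find the original certificate for verification of the outer signature */
 trust_anchor = ctx->ta_ctx->lookup_cvca_cert(
-authentication->certificate_authority_reference->data,
-authentication->certificate_authority_reference->length);
+ASN1_STRING_get0_data(authentication->certificate_authority_reference),
+ASN1_STRING_length(authentication->certificate_authority_reference));
 if (!trust_anchor)
 goto err;
 
@@ -788,16 +792,16 @@ CVC_verify_authentication_request_signatures(EAC_CTX *ctx,
 if (request_len <= 0)
 goto err;
 data = BUF_MEM_create(
-authentication->certificate_authority_reference->length
+ASN1_STRING_length(authentication->certificate_authority_reference)
 + (size_t) request_len);
 memcpy(data->data, request, request_len);
 memcpy(data->data + request_len,
-authentication->certificate_authority_reference->data,
-authentication->certificate_authority_reference->length);
+ASN1_STRING_get0_data(authentication->certificate_authority_reference),
+ASN1_STRING_length(authentication->certificate_authority_reference));
 
 outer_signature = BUF_MEM_create_init(
-authentication->outer_signature->data,
-authentication->outer_signature->length);
+ASN1_STRING_get0_data(authentication->outer_signature),
+ASN1_STRING_length(authentication->outer_signature));
 
 r = EAC_verify(ctx->ta_ctx->protocol, ctx->ta_ctx->pub_key,
 outer_signature, data);
@@ -904,7 +908,7 @@ cvc_chat_print_authorizations(BIO *bio, const CVC_CHAT *chat, int indent)
 const char **strings;
 
 if (!bio || !chat || !chat->relative_authorization
-|| !chat->relative_authorization->data)
+|| !ASN1_STRING_get0_data(chat->relative_authorization))
 goto err;
 
 /* Figure out what kind of CHAT we have */
@@ -926,15 +930,15 @@ cvc_chat_print_authorizations(BIO *bio, const CVC_CHAT *chat, int indent)
 }
 
 /* Sanity check: Does the received CHAT have the correct length? */
-if(chat->relative_authorization->length != rel_auth_num_bytes)
+if(ASN1_STRING_length(chat->relative_authorization) != rel_auth_num_bytes)
 goto err;
 
 /* Dump the relative authorization bit string in human readable form.
 * Each set Bit means one authorization */
 for (i = 0; i < rel_auth_len; i++) {
 if (i % 8 == 0 && i != 0)
 j++;
-if (CHECK_BIT(chat->relative_authorization->data[rel_auth_num_bytes - j],
+if (CHECK_BIT(ASN1_STRING_get0_data(chat->relative_authorization)[rel_auth_num_bytes - j],
 i % 8)) {
 if (!BIO_indent(bio, indent, 80)
 || !BIO_printf(bio, "%s\n", strings[i]))
@@ -955,7 +959,7 @@ cvc_chat_print(BIO *bio, const CVC_CHAT *chat, int indent)
 int ok = 0, nid = 0, role;
 
 if (!bio || !chat || !chat->relative_authorization
-|| !chat->relative_authorization->data)
+|| !ASN1_STRING_get0_data(chat->relative_authorization))
 goto err;
 
 /* Figure out what kind of CHAT we have */
@@ -1015,7 +1019,7 @@ CVC_get_profile_identifier(const CVC_CERT *cert)
 long l;
 
 if (!cert || !cert->body || !cert->body->certificate_profile_identifier ||
-!cert->body->certificate_profile_identifier->data)
+!ASN1_STRING_get0_data(cert->body->certificate_profile_identifier))
 return -1;
 l = ASN1_INTEGER_get(cert->body->certificate_profile_identifier);
 return (l == 0) ? 0 : -1; /* The only specified version number is 0 right now */
@@ -1027,14 +1031,15 @@ cvc_get_reference_string(ASN1_OCTET_STRING *ref)
 char *ret = NULL;
 
 check(ref, "Invalid input");
-check(is_chr(ref->data, ref->length), "Invalid certificate reference");
+check(is_chr(ASN1_STRING_get0_data(ref), ASN1_STRING_length(ref)),
+"Invalid certificate reference");
 
-ret = malloc(ref->length + 1);
+ret = malloc(ASN1_STRING_length(ref) + 1);
 check(ret, "Not enough memory");
 
-memcpy(ret, ref->data, ref->length);
+memcpy(ret, ASN1_STRING_get0_data(ref), ASN1_STRING_length(ref));
 /* Null-terminate string */
-ret[ref->length] = '\0';
+ret[ASN1_STRING_length(ref)] = '\0';
 
 err:
 return ret;
@@ -1044,26 +1049,28 @@ char *
 cvc_get_date_string(ASN1_OCTET_STRING *date)
 {
 char *ret;
+const unsigned char *d;
 
-if (!date || !date->data || date->length != 6
-|| !is_bcd(date->data, date->length))
+if (!date || !ASN1_STRING_get0_data(date) || ASN1_STRING_length(date) != 6
+|| !is_bcd(ASN1_STRING_get0_data(date), ASN1_STRING_length(date)))
 return NULL;
 
 ret = malloc(11);
 if (!ret)
 return NULL;
 
+d = ASN1_STRING_get0_data(date);
 /* Convert to ASCII date */
 ret[0] = '2';
 ret[1] = '0';
-ret[2] = date->data[0] + 0x30;
-ret[3] = date->data[1] + 0x30;
+ret[2] = d[0] + 0x30;
+ret[3] = d[1] + 0x30;
 ret[4] = '-';
-ret[5] = date->data[2] + 0x30;
-ret[6] = date->data[3] + 0x30;
+ret[5] = d[2] + 0x30;
+ret[6] = d[3] + 0x30;
 ret[7] = '-';
-ret[8] = date->data[4] + 0x30;
-ret[9] = date->data[5] + 0x30;
+ret[8] = d[4] + 0x30;
+ret[9] = d[5] + 0x30;
 ret[10] = '\0';
 
 return ret;
@@ -1081,28 +1088,28 @@ certificate_description_print(BIO *bio,
 
 if (!BIO_indent(bio, indent, 80)
 || !BIO_printf(bio, "%s\t%s\n", cert_desc_field_strings[0],
-desc->issuerName->data))
+ASN1_STRING_get0_data(desc->issuerName)))
 return 0;
 if (desc->issuerURL) {
 if (!BIO_indent(bio, indent, 80)
 || !BIO_printf(bio, "%s\t%s\n", cert_desc_field_strings[1],
-desc->issuerURL->data))
+ASN1_STRING_get0_data(desc->issuerURL)))
 return 0;
 }
 if (!BIO_indent(bio, indent, 80)
 || !BIO_printf(bio, "%s\t%s\n", cert_desc_field_strings[2],
-desc->subjectName->data))
+ASN1_STRING_get0_data(desc->subjectName)))
 return 0;
 if (desc->subjectURL) {
 if (!BIO_indent(bio, indent, 80)
 || !BIO_printf(bio, "%s\t%s\n", cert_desc_field_strings[3],
-desc->subjectURL->data))
+ASN1_STRING_get0_data(desc->subjectURL)))
 return 0;
 }
 if (desc->redirectURL) {
 if (!BIO_indent(bio, indent, 80)
 || !BIO_printf(bio, "%s\t%s\n", cert_desc_field_strings[4],
-desc->redirectURL->data))
+ASN1_STRING_get0_data(desc->redirectURL)))
 return 0;
 }
 if (desc->commCertificates) {
@@ -1114,7 +1121,7 @@ certificate_description_print(BIO *bio,
 for (i = 0; i < count; i++) {
 s = sk_value((_STACK*) desc->commCertificates->values, i);
 if (!BIO_puts(bio, "\n")
-|| !BIO_dump_indent(bio, (char *) s->data, s->length, indent+2))
+|| !BIO_dump_indent(bio, (const char *) ASN1_STRING_get0_data(s), ASN1_STRING_length(s), indent+2))
 return 0;
 }
 }
@@ -1124,7 +1131,8 @@ certificate_description_print(BIO *bio,
 if (nid == NID_id_plainFormat) {
 if (!BIO_indent(bio, indent, 80)
 || !BIO_printf(bio, "%s\n%.*s\n", cert_desc_field_strings[5],
-desc->termsOfUsage->length, desc->termsOfUsage->data))
+ASN1_STRING_length(desc->termsOfUsage),
+ASN1_STRING_get0_data(desc->termsOfUsage)))
 return 0;
 ret = 1;
 } else if (nid == NID_id_htmlFormat) {
@@ -1219,13 +1227,13 @@ CVC_check_description(const CVC_CERT *cv, const unsigned char *cert_desc_in,
 goto err;
 
 /* Check whether or not the hash in the certificate has the correct size */
-if (hash_check->length != desc_hash->length) {
+if (ASN1_STRING_length(hash_check) != desc_hash->length) {
 ret = 0;
 goto err;
 }
 
 /* Compare it with the hash in the certificate */
-if (!memcmp(desc_hash->data, hash_check->data, desc_hash->length))
+if (!memcmp(desc_hash->data, ASN1_STRING_get0_data(hash_check), desc_hash->length))
 ret = 1;
 } else
 ret = 0;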
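Review bot: The five `BIO_printf` calls in certificate_description_print that print issuerName, issuerURL, subjectName, subjectURL and redirectURL still pass the accessor result to `%s`, which reads up to the first NUL byte instead of the string's recorded length. OpenSSL's documentation says the buffer behind an ASN1_STRING cannot be assumed to be NUL-terminated or free of embedded NULs, and these fields appear to come from a parsed certificate description. The termsOfUsage call in the same function already bounds the read with `%.*s`; the others can follow it, e.g. `BIO_printf(bio, "%s\t%.*s\n", cert_desc_field_strings[0], ASN1_STRING_length(desc->issuerName), ASN1_STRING_get0_data(desc->issuerName))`. The function begins and ends outside these hunks, so any earlier validation of the fields is not visible here.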

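--- a/src/cvc-create.c
+++ b/src/cvc-create.c
@@ -709,16 +709,16 @@ int main(int argc, char *argv[])
 sign_as_cert = read_cvc_cert(cmdline.sign_as_arg);
 if (!sign_as_cert)
 goto err;
-car = sign_as_cert->body->certificate_holder_reference->data;
-car_len = sign_as_cert->body->certificate_holder_reference->length;
+car = ASN1_STRING_get0_data(sign_as_cert->body->certificate_holder_reference);
+car_len = ASN1_STRING_length(sign_as_cert->body->certificate_holder_reference);
 } else {
 /* self signed certificate */
 if (cmdline.manual_mode_counter) {
 car = (unsigned char *) cmdline.chr_arg;
 car_len = strlen(cmdline.chr_arg);
 } else {
-car = request->body->certificate_holder_reference->data;
-car_len = request->body->certificate_holder_reference->length;
+car = ASN1_STRING_get0_data(request->body->certificate_holder_reference);
+car_len = ASN1_STRING_length(request->body->certificate_holder_reference);
 }
 }
 if (!cert->body->certificate_authority_reference)
@@ -744,15 +744,15 @@ int main(int argc, char *argv[])
 strncpy(basename, cmdline.chr_arg, (sizeof basename) - 1);
 basename[sizeof basename - 1] = '\0';
 } else {
+int name_len;
 cert->body->certificate_holder_reference = (ASN1_UTF8STRING *) ASN1_STRING_dup((ASN1_STRING *) request->body->certificate_holder_reference);
 if (!cert->body->certificate_holder_reference)
 goto err;
-memcpy(basename, (char *) request->body->certificate_holder_reference->data,
-sizeof basename < request->body->certificate_holder_reference->length ?
-sizeof basename : request->body->certificate_holder_reference->length);
-basename[
-sizeof basename - 1 < request->body->certificate_holder_reference->length ?
-sizeof basename - 1 : request->body->certificate_holder_reference->length] = '\0';
+name_len = ASN1_STRING_length(request->body->certificate_holder_reference);
+memcpy(basename, (const char *) ASN1_STRING_get0_data(request->body->certificate_holder_reference),
+sizeof basename < name_len ?
+sizeof basename : name_len);
+basename[sizeof basename - 1 < name_len ? sizeof basename - 1 : name_len] = '\0';
 }
 
 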
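Review bot: The new local `name_len` in the second hunk is an `int`, yet both ternaries compare it with and select it against `sizeof basename`, a `size_t`, so the length clamp that bounds the `memcpy` into `basename` depends on an implicit signed-to-unsigned conversion. Keeping the clamp in one type makes the bound easier to audit: `size_t name_len = (size_t) ASN1_STRING_length(request->body->certificate_holder_reference);`. The same int-versus-size_t comparison appears in src/cvc_lookup.c, where the accessor result is compared with the `size_t chr_len` parameter. `main` begins and ends outside these hunks, so the declared types of `car` and `car_len` in the first hunk cannot be checked from here.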

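--- a/src/cvc_lookup.c
+++ b/src/cvc_lookup.c
@@ -89,8 +89,8 @@ static int CVC_find_chr_in_file(const unsigned char *chr, size_t chr_len,
 }
 cvc = *cv_certificate;
 if (cvc && cvc->body && cvc->body->certificate_holder_reference
-&& cvc->body->certificate_holder_reference->length == chr_len
-&& 0 == memcmp(cvc->body->certificate_holder_reference->data,
+&& ASN1_STRING_length(cvc->body->certificate_holder_reference) == chr_len
+&& 0 == memcmp(ASN1_STRING_get0_data(cvc->body->certificate_holder_reference),
 chr, chr_len)) {
 ok = 1;
 break;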

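--- a/src/eac_asn1.c
+++ b/src/eac_asn1.c
@@ -456,7 +456,7 @@ EAC_CTX_init_ef_cardaccess(const unsigned char * in, size_t in_len,
 {
 ASN1_INTEGER *i = NULL;
 ASN1_OBJECT *oid = NULL;
-unsigned char *pubkey;
+const unsigned char *pubkey;
 size_t pubkey_len;
 CA_CTX *ca_ctx = NULL;
 CA_DP_INFO *tmp_ca_dp_info = NULL;
@@ -637,15 +637,15 @@ EAC_CTX_init_ef_cardaccess(const unsigned char * in, size_t in_len,
 * UNSIGNED INTEGER, which is an ASN.1 INTEGER that is
 * always positive. Parsing the unsigned integer should be
 * done in EVP_PKEY_set_key. */
-const unsigned char *p = ca_public_key_info->chipAuthenticationPublicKeyInfo->subjectPublicKey->data;
+const unsigned char *p = ASN1_STRING_get0_data(ca_public_key_info->chipAuthenticationPublicKeyInfo->subjectPublicKey);
 check(d2i_ASN1_UINTEGER(&i, &p,
-ca_public_key_info->chipAuthenticationPublicKeyInfo->subjectPublicKey->length),
+ASN1_STRING_length(ca_public_key_info->chipAuthenticationPublicKeyInfo->subjectPublicKey)),
 "Could not decode CA PK");
-pubkey = i->data;
-pubkey_len = i->length;
+pubkey = ASN1_STRING_get0_data(i);
+pubkey_len = ASN1_STRING_length(i);
 } else {
-pubkey = ca_public_key_info->chipAuthenticationPublicKeyInfo->subjectPublicKey->data;
-pubkey_len = ca_public_key_info->chipAuthenticationPublicKeyInfo->subjectPublicKey->length;
+pubkey = ASN1_STRING_get0_data(ca_public_key_info->chipAuthenticationPublicKeyInfo->subjectPublicKey);
+pubkey_len = ASN1_STRING_length(ca_public_key_info->chipAuthenticationPublicKeyInfo->subjectPublicKey);
 }
 
 if (!EVP_PKEY_set_keys(ca_ctx->ka_ctx->key, NULL, 0, pubkey, pubkey_len, ctx->bn_ctx))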
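Review bot: In the second hunk `pubkey` is a borrowed pointer into either `i` or `subjectPublicKey`, and nothing near the assignments records how long those objects must stay alive. A one-line comment above the `EVP_PKEY_set_keys` call would make the lifetime requirement explicit, for example `/* pubkey borrows from i or subjectPublicKey; neither may be freed before this call returns */`. Where `i` is released is outside the hunk, so the ordering should be confirmed against the rest of EAC_CTX_init_ef_cardaccess.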

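--- a/src/eac_ca.c
+++ b/src/eac_ca.c
@@ -184,7 +184,7 @@ EAC_CTX_init_ef_cardsecurity(const unsigned char *ef_cardsecurity,
 goto err;
 os = signed_data->d.other->value.octet_string;
 
-if (!EAC_CTX_init_ef_cardaccess(os->data, os->length, ctx)
+if (!EAC_CTX_init_ef_cardaccess(ASN1_STRING_get0_data(os), ASN1_STRING_length(os), ctx)
 || !ctx || !ctx->ca_ctx || !ctx->ca_ctx->ka_ctx)
 goto err;
 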
