Name: cert-svc-vcore
Description: cert-svc-vcore
Version: @VERSION@
-Requires: libxml-2.0 libxslt openssl xmlsec1
+Requires: libxml-2.0 libxslt openssl1.1 xmlsec1
Libs: -L${libdir} -lcert-svc-vcore
Cflags: -I${includedir}/cert-svc
BuildRequires: cmake
BuildRequires: coreutils
BuildRequires: findutils
-BuildRequires: openssl
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(klay)
-BuildRequires: pkgconfig(openssl)
+BuildRequires: openssl1.1
+BuildRequires: pkgconfig(openssl1.1)
BuildRequires: pkgconfig(libpcrecpp)
BuildRequires: pkgconfig(xmlsec1)
BuildRequires: pkgconfig(libxml-2.0)
REQUIRED
libxml-2.0
libpcrecpp
- openssl
+ openssl1.1
xmlsec1
dlog
libsystemd-journal
/*
- * Copyright (c) 2016 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
int entryCount = X509_NAME_entry_count(subjectName);
for (int i = 0; i < entryCount; ++i) {
- subjectEntry = X509_NAME_get_entry(subjectName,
- i);
+ subjectEntry = X509_NAME_get_entry(subjectName, i);
if (!subjectEntry) {
continue;
continue;
}
- ASN1_STRING *pASN1Str = subjectEntry->value;
+ ASN1_STRING *pASN1Str = X509_NAME_ENTRY_get_data(subjectEntry);
unsigned char *pData = NULL;
- int nLength = ASN1_STRING_to_UTF8(&pData,
- pASN1Str);
+ int nLength = ASN1_STRING_to_UTF8(&pData, pASN1Str);
if (nLength < 0)
- VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
- "Reading field error.");
+ VcoreThrowMsg(Certificate::Exception::OpensslInternalError, "Reading field error.");
if (!pData) {
output = std::string();
std::string Certificate::getUID(FieldType type) const
{
- ASN1_BIT_STRING *uid = NULL;
+ const ASN1_BIT_STRING *uid = NULL;
+ const ASN1_BIT_STRING *subjectUID, *issuerUID;
- if (type == FIELD_SUBJECT)
- uid = m_x509->cert_info->subjectUID;
- else
- uid = m_x509->cert_info->issuerUID;
+ X509_get0_uids(m_x509, &issuerUID, &subjectUID);
+ uid = (type == FIELD_SUBJECT) ? subjectUID : issuerUID;
if (uid->data == NULL)
return std::string();
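Review bot: `uid` can be NULL when `uid->data` is read, because `X509_get0_uids()` sets both output pointers to NULL when the certificate has no issuerUniqueID/subjectUniqueID, which is the common case. Test the pointer first, `if (uid == NULL || uid->data == NULL)`, so that such a certificate yields an empty string instead of a crash while parsing input that may be untrusted. `subjectUID` and `issuerUID` are also declared uninitialised; initialising them to NULL alongside `uid` makes the intent explicit. getUID continues past the end of this hunk.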
if (OBJ_obj2nid(ad->method) == NID_ad_OCSP &&
ad->location->type == GEN_URI) {
- void *data = ASN1_STRING_data(ad->location->d.ia5);
+ const unsigned char *data = ASN1_STRING_get0_data(ad->location->d.ia5);
if (!data)
retValue = std::string();
else
- retValue = std::string(static_cast<char *>(data));
+ retValue = std::string(reinterpret_cast<const char *>(data));
break;
}
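Review bot: The new `std::string(reinterpret_cast<const char *>(data))` still stops at the first NUL byte and ignores the length stored in the ASN1_STRING, so a URI with an embedded NUL is silently truncated and the code relies on the buffer being NUL-terminated. Passing the length keeps the value intact for later validation: `retValue = std::string(reinterpret_cast<const char *>(data), ASN1_STRING_length(ad->location->d.ia5));`. The `GEN_DNS` and `GEN_URI` cases in the following hunk read `temp` the same way; how `temp` is consumed lies outside that hunk, but if it is copied as a C string, a dNSName with an embedded NUL would compare as its prefix, so the length should be carried there too or such names rejected. The enclosing loop starts and ends outside the hunk.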
"openssl sk_GENERAL_NAME_pop err.");
if (type == namePart->type) {
- char *temp;
+ const char *temp;
switch (type) {
case GEN_DNS:
- temp = reinterpret_cast<char *>(ASN1_STRING_data(namePart->d.dNSName));
+ temp = reinterpret_cast<const char *>(ASN1_STRING_get0_data(namePart->d.dNSName));
break;
case GEN_URI:
- temp = reinterpret_cast<char *>(ASN1_STRING_data(namePart->d.uniformResourceIdentifier));
+ temp = reinterpret_cast<const char *>(ASN1_STRING_get0_data(namePart->d.uniformResourceIdentifier));
break;
default:
VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
"Error in BIO_new");
- if (i2a_ASN1_OBJECT(b.get(), m_x509->cert_info->signature->algorithm) < 0)
+ if (i2a_ASN1_OBJECT(b.get(), X509_get0_tbs_sigalg(m_x509)->algorithm) < 0)
VcoreThrowMsg(Certificate::Exception::OpensslInternalError,
"Error in i2a_ASN1_OBJECT");
std::string Certificate::getPublicKeyAlgoString() const
{
- return std::string(static_cast<const char *>(
- OBJ_nid2ln(OBJ_obj2nid(m_x509->cert_info->key->algor->algorithm))));
+ X509_PUBKEY *pkey = X509_get_X509_PUBKEY(m_x509);
+ if (!pkey)
+ return std::string();
+
+ ASN1_OBJECT *algor_obj;
+ int ret = X509_PUBKEY_get0_param(&algor_obj, NULL, NULL, NULL, pkey);
+ if (ret == 0 || !algor_obj)
+ return std::string();
+
+ return std::string(static_cast<const char *>(OBJ_nid2ln(OBJ_obj2nid(algor_obj))));
}
int Certificate::isCA() const
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
EVP_PKEY *pKey = X509_get_pubkey(m_certificatePtr->getX509());
if (pKey != NULL) {
- if (pKey->type == EVP_PKEY_RSA) {
- RSA *pRSA = pKey->pkey.rsa;
+ if (EVP_PKEY_type(EVP_PKEY_base_id(pKey)) == EVP_PKEY_RSA) {
+ RSA *pRSA = EVP_PKEY_get0_RSA(pKey);
if (pRSA) {
int keyLength = RSA_size(pRSA);
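Review bot: The outer `EVP_PKEY_type()` in the new condition is redundant, since `EVP_PKEY_base_id()` already returns the normalised base type; `if (EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA)` is equivalent and easier to read. Separately, `X509_get_pubkey()` on the context line above returns a reference the caller owns, and no `EVP_PKEY_free(pKey)` is visible in this hunk. Confirm that one exists on every path, or switch to `X509_get0_pubkey()` now that the build targets OpenSSL 1.1. The enclosing function starts before and continues after the hunk.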
}
if (algorithm == NULL) {
- md = EVP_get_digestbyobj(cert->cert_info->signature->algorithm);
+ md = EVP_get_digestbynid(X509_get_signature_nid(cert));
} else {
md = EVP_get_digestbyname(algorithm);
}
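Review bot: `md` may come back NULL from `EVP_get_digestbynid(X509_get_signature_nid(cert))`, because the argument is a signature-algorithm NID and the lookup only succeeds where OpenSSL registers a digest alias for it; algorithms such as RSA-PSS or Ed25519 have no such mapping. A NULL check is not visible in this hunk, so confirm one follows, or resolve the digest explicitly with a local `int mdNid` via `OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdNid, NULL)` followed by `EVP_get_digestbynid(mdNid)`. The new call also reads the outer signatureAlgorithm where the old code read the one inside the TBS certificate; the two are equal in a well-formed certificate. The function starts before and continues after the hunk.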
break;
}
- X509_STORE_CTX context;
- if(!X509_STORE_CTX_init(&context, store, cert, ustore)) {
+ X509_STORE_CTX *context;
+ context = X509_STORE_CTX_new();
+ if(!context) {
X509_STORE_free(store);
sk_X509_free(ustore);
return CERTSVC_FAIL;
}
- int result = X509_verify_cert(&context);
+ if(!X509_STORE_CTX_init(context, store, cert, ustore)) {
+ X509_STORE_free(store);
+ sk_X509_free(ustore);
+ X509_STORE_CTX_free(context);
+ return CERTSVC_FAIL;
+ }
+ int result = X509_verify_cert(context);
if (result == 1 && checkCaFlag) { // check strictly
- STACK_OF(X509) *resultChain = X509_STORE_CTX_get1_chain(&context);
+ STACK_OF(X509) *resultChain = X509_STORE_CTX_get1_chain(context);
// the last one is not a CA.
while (sk_X509_num(resultChain) > 1) {
sk_X509_pop_free(resultChain, X509_free);
}
- X509_STORE_CTX_cleanup(&context);
+ X509_STORE_CTX_cleanup(context);
X509_STORE_free(store);
sk_X509_free(ustore);
+ X509_STORE_CTX_free(context);
if (result == 1) {
*status = CERTSVC_SUCCESS;
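Review bot: `X509_STORE_CTX_cleanup(context)` is now redundant, because `X509_STORE_CTX_free(context)` performs the cleanup itself; the cleanup line can be dropped. The release of `store`, `ustore` and `context` is also written out on three separate paths, which makes it easy for a later early return to miss one. Assuming this translation unit is built as C++, holding the context in a `std::unique_ptr<X509_STORE_CTX, decltype(&X509_STORE_CTX_free)>` (and the store likewise) would release them on every exit path. The function starts before and continues after this hunk.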
/**
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
}
X509UniquePtr x509Ptr(x509, X509_free);
- const char *subject_c = X509_NAME_oneline(x509->cert_info->subject, NULL, 0);
+ const char *subject_c = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
if (subject_c == NULL) {
LogError("Failed to parse x509 structure");
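Review bot: With a NULL buffer argument, `X509_NAME_oneline()` returns a heap string that the caller must release with `OPENSSL_free()`, and holding it in `const char *subject_c` makes that release easy to forget. No free is visible in this hunk, so confirm one exists on every path. The same applies to `pSubject` and `pIssuerName` in the `_CERT_SVC_VERIFY_PKCS12` hunk below, where the `free_memory` label lies outside the visible lines. OpenSSL also documents the oneline format as non-standard and discourages it in new code, so if these strings are compared or used as identifiers, `X509_NAME_print_ex()` with `XN_FLAG_RFC2253` gives an unambiguous form.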
#ifdef _CERT_SVC_VERIFY_PKCS12
if (certv == NULL) {
- pSubject = X509_NAME_oneline(cert->cert_info->subject, NULL, 0);
+ pSubject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
if (!pSubject) {
LogError("Failed to get subject name");
goto free_memory;
}
- pIssuerName = X509_NAME_oneline(cert->cert_info->issuer, NULL, 0);
+ pIssuerName = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
if (!pIssuerName) {
LogError("Failed to get issuer name");
PKG_CHECK_MODULES(TEST_DEP
REQUIRED
libpcrecpp
- openssl
+ openssl1.1
)
SET(TEST_DIR ${CMAKE_CURRENT_SOURCE_DIR})
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
_get_string_field_and_check(
cert,
CERTSVC_KEY,
- " Public-Key: (1024 bit)\n"
+ " RSA Public-Key: (1024 bit)\n"
" Modulus:\n"
" 00:d8:08:a3:a3:05:fb:e2:df:36:cd:e3:48:2f:3b:\n"
" 59:17:ce:e3:32:bf:9f:ef:f1:7c:fb:27:f9:7c:32:\n"
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
-RUNNER_TEST(T004301_gentime_positive_full_local_only)
+RUNNER_TEST(T004301_gentime_negative_full_local_only)
{
- UnitWrapper("20001231235959.999", V_ASN1_GENERALIZEDTIME, 1);
+ // ASN1_TIME_check() says that time format is syntactically incorrect
+ UnitWrapper("20001231235959.999", V_ASN1_GENERALIZEDTIME, 0);
}
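Review bot: The comment added in T004301 (and the identical one in T004305) does not say which rule the input breaks, so a reader cannot tell why a previously accepted value is now a negative case. Presumably the strings are rejected because they carry neither a trailing `Z` nor a UTC offset, unlike the `-1259` variant that stays positive. If that is the reason, state it, e.g. `// no 'Z' or UTC offset: rejected by ASN1_TIME_check() with OpenSSL 1.1`.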
RUNNER_TEST(T004302_gentime_positive_full_utc_only)
UnitWrapper("20001231235959.999-1259", V_ASN1_GENERALIZEDTIME, 1);
}
-RUNNER_TEST(T004305_gentime_positive_no_fff_local_only)
+RUNNER_TEST(T004305_gentime_negative_no_fff_local_only)
{
- UnitWrapper("20001231235959", V_ASN1_GENERALIZEDTIME, 1);
+ // ASN1_TIME_check() says that time format is syntactically incorrect
+ UnitWrapper("20001231235959", V_ASN1_GENERALIZEDTIME, 0);
}
RUNNER_TEST(T004306_gentime_positive_no_fff_utc_only)