X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FX509.cpp;h=f9dbc7a7ff65aef55e4fefd0edd4d01ba1ae8d4a;hb=8c36452a1422eea1631cff4d90a3b801ed05cd77;hp=1c78a512c332373f9f3e8828dbe180c0a7d8827c;hpb=156855b7e12c3a0254590da514b0d0e8efe469f4;p=cassiopeia.git

diff --git a/src/crypto/X509.cpp b/src/crypto/X509.cpp
index 1c78a51..f9dbc7a 100644
--- a/src/crypto/X509.cpp
+++ b/src/crypto/X509.cpp
@@ -133,7 +133,9 @@ void X509Cert::setPubkeyFrom( std::shared_ptr<X509Req> req ) {
 }
 
 void X509Cert::setSerialNumber( BIGNUM* num ) {
-    BN_to_ASN1_INTEGER( num , target->cert_info->serialNumber );
+    ASN1_INTEGER *i = BN_to_ASN1_INTEGER( num, NULL);
+    X509_set_serialNumber(target.get(), i);
+    ASN1_INTEGER_free(i);
 }
 
 void X509Cert::setTimes( uint32_t before, uint32_t after ) {
@@ -154,7 +156,7 @@ static X509_EXTENSION* do_ext_i2d( int ext_nid, int crit, ASN1_VALUE* ext_struc
         goto merr;
     }
 
-    if( !( ext_oct = M_ASN1_OCTET_STRING_new() ) ) {
+    if( !( ext_oct = ASN1_OCTET_STRING_new() ) ) {
         goto merr;
     }
 
@@ -167,7 +169,7 @@ static X509_EXTENSION* do_ext_i2d( int ext_nid, int crit, ASN1_VALUE* ext_struc
         goto merr;
     }
 
-    M_ASN1_OCTET_STRING_free( ext_oct );
+    ASN1_OCTET_STRING_free( ext_oct );
     return ext;
 
 merr:
@@ -206,7 +208,7 @@ void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::sha
         gen->type = name->type == "DNS" ? GEN_DNS : name->type == "email" ? GEN_EMAIL : 0; // GEN_EMAIL;
 
         if( !gen->type
-                || !( gen->d.ia5 = M_ASN1_IA5STRING_new() )
+                || !( gen->d.ia5 = ASN1_IA5STRING_new() )
                 || !ASN1_STRING_set( gen->d.ia5, name->content.data(), name->content.size() ) ) {
             GENERAL_NAME_free( gen );
             throw std::runtime_error("initing iasting5 failed");
@@ -235,9 +237,11 @@ std::shared_ptr<SignedCertificate> X509Cert::sign( std::shared_ptr<EVP_PKEY> caK
     } else if( signAlg == "sha256" ) {
         md = EVP_sha256();
     } else if( signAlg == "sha1" ) {
-        md = EVP_sha1();
+        throw std::runtime_error("Refusing to sign with weak signature algorithm (SHA-1).");
+    } else if( signAlg == "md5" ) {
+        throw std::runtime_error("Refusing to sign with weak signature algorithm (MD5).");
     } else {
-        throw std::runtime_error("Unknown md-type");
+        throw std::runtime_error("Unknown signature algorithm");
     }
 
     if( !X509_sign( target.get(), caKey.get(), md ) ) {
@@ -260,7 +264,7 @@ std::shared_ptr<SignedCertificate> X509Cert::sign( std::shared_ptr<EVP_PKEY> caK
     auto res = std::make_shared<SignedCertificate>();
     res->certificate = std::string( buf->data, buf->data + buf->length );
 
-    std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL ), BN_free );
+    std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber(target.get()), NULL ), BN_free );
 
     if( !ser ) {
         throw std::runtime_error("Failed to retrieve certificate serial of signed certificate.");