[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Fri Aug 19 15:54:57 UTC 2016
The branch master has been updated
via dc047d31fa0c31872db8601a1b9fcd35f24d8589 (commit)
via 3a60d6fa2f8a908d972f8787dc137acb7b8b26e3 (commit)
from 2a9afa4046592d44af84644cd89fe1a0d6d46889 (commit)
- Log -----------------------------------------------------------------
commit dc047d31fa0c31872db8601a1b9fcd35f24d8589
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Aug 19 16:21:21 2016 +0100
Set certificate times in one function.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 3a60d6fa2f8a908d972f8787dc137acb7b8b26e3
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Aug 19 16:12:31 2016 +0100
Avoid duplicated code.
The certificate and CRL time setting functions used similar code,
combine into a single utility function.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 34 ++++++++++++++++++++++++++++++++++
apps/apps.h | 2 ++
apps/ca.c | 11 +++--------
apps/req.c | 4 +---
apps/x509.c | 16 ++++------------
crypto/include/internal/x509_int.h | 1 +
crypto/x509/x509_set.c | 32 +++++++++++++-------------------
crypto/x509/x509cset.c | 28 ++++------------------------
8 files changed, 62 insertions(+), 66 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 40b31a5..1ce632f 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2589,3 +2589,37 @@ void corrupt_signature(const ASN1_STRING *signature)
unsigned char *s = signature->data;
s[signature->length - 1] ^= 0x1;
}
+
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+ int days)
+{
+ int rv = 0;
+ ASN1_TIME *tm = ASN1_TIME_new();
+ if (tm == NULL)
+ goto err;
+ if (startdate == NULL || strcmp(startdate, "today") == 0) {
+ if (!X509_gmtime_adj(tm, 0))
+ goto err;
+ } else if (!ASN1_TIME_set_string(tm, startdate)) {
+ goto err;
+ }
+
+ if (!X509_set_notBefore(x, tm))
+ goto err;
+
+ if (enddate == NULL) {
+ if (!X509_time_adj_ex(tm, days, 0, NULL))
+ goto err;
+ } else if (!ASN1_TIME_set_string(tm, enddate)) {
+ goto err;
+ }
+
+ if (!X509_set_notAfter(x, tm))
+ goto err;
+
+ rv = 1;
+
+ err:
+ ASN1_TIME_free(tm);
+ return rv;
+}
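Review bot: set_cert_times has no header comment, and two parts of its contract are easy to get wrong from the call sites. When `enddate` is non-NULL the `days` argument is ignored, and when it is NULL `X509_time_adj_ex(tm, days, 0, NULL)` appears to offset from the current time rather than from an explicit `startdate`, so nothing here guarantees that notAfter is later than notBefore. I would add a comment such as `/* startdate NULL or "today" = now; enddate NULL = now + days, otherwise days is unused. Returns 1 on success, 0 on error; the order of the two times is not checked. */`. The same comment should mention that a failure after `X509_set_notBefore` leaves `x` with only notBefore updated.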
diff --git a/apps/apps.h b/apps/apps.h
index 326e026..fc73305 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -72,6 +72,8 @@ int has_stdin_waiting(void);
# endif
void corrupt_signature(const ASN1_STRING *signature);
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+ int days);
/*
* Common verification options.
diff --git a/apps/ca.c b/apps/ca.c
index a20ba44..ef61de2 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1698,16 +1698,11 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
- if (strcmp(startdate, "today") == 0)
- X509_gmtime_adj(X509_get_notBefore(ret), 0);
- else
- ASN1_TIME_set_string(X509_get_notBefore(ret), startdate);
+ if (!set_cert_times(ret, startdate, enddate, days))
+ goto end;
- if (enddate == NULL)
- X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);
- else {
+ if (enddate != NULL) {
int tdays;
- ASN1_TIME_set_string(X509_get_notAfter(ret), enddate);
ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
days = tdays;
}
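Review bot: The `ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret))` call kept in the `enddate != NULL` branch still ignores its return value, so `days = tdays` would read an uninitialised int if the diff fails. Since this change starts checking the time setters, the call should be checked too: `if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret))) goto end;`. do_body begins and ends outside this hunk, so `end` being the right cleanup label is taken from the `goto end` lines visible here.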
diff --git a/apps/req.c b/apps/req.c
index 112553b..bd18708 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -616,9 +616,7 @@ int req_main(int argc, char **argv)
if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
goto end;
- if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
- goto end;
- if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL))
+ if (!set_cert_times(x509ss, NULL, NULL, days))
goto end;
if (!X509_set_subject_name
(x509ss, X509_REQ_get_subject_name(req)))
diff --git a/apps/x509.c b/apps/x509.c
index ca9a09f..0cb38b7 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -554,9 +554,9 @@ int x509_main(int argc, char **argv)
goto end;
if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
goto end;
+ if (!set_cert_times(x, NULL, NULL, days))
+ goto end;
- X509_gmtime_adj(X509_get_notBefore(x), 0);
- X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
if (fkey)
X509_set_pubkey(x, fkey);
else {
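Review bot: `X509_set_pubkey(x, fkey);` directly below the new `set_cert_times` check still discards its result, although the sign() hunk later in this file tests the same call with `if (!X509_set_pubkey(x, pkey)) goto err;`. A certificate whose public key was not set should not continue down the signing path, so the `if (fkey)` branch should use `if (!X509_set_pubkey(x, fkey)) goto end;`. The `else {` branch continues outside the hunk and is not reviewed here.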
@@ -983,11 +983,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
if (!X509_set_serialNumber(x, bs))
goto end;
- if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
- goto end;
-
- /* hardwired expired */
- if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
+ if (!set_cert_times(x, NULL, NULL, days))
goto end;
if (clrext) {
@@ -1056,12 +1052,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
goto err;
- if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
+ if (!set_cert_times(x, NULL, NULL, days))
goto err;
-
- if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
- goto err;
-
if (!X509_set_pubkey(x, pkey))
goto err;
if (clrext) {
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 3d0b0bd..2845026 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -264,3 +264,4 @@ struct x509_object_st {
};
int a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index dfcecb1..3cebf6e 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -57,38 +57,32 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
return (X509_NAME_set(&x->cert_info.subject, name));
}
-int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
{
ASN1_TIME *in;
-
- if (x == NULL)
- return (0);
- in = x->cert_info.validity.notBefore;
+ in = *ptm;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
- ASN1_TIME_free(x->cert_info.validity.notBefore);
- x->cert_info.validity.notBefore = in;
+ ASN1_TIME_free(*ptm);
+ *ptm = in;
}
}
return (in != NULL);
}
-int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
+int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
{
- ASN1_TIME *in;
+ if (x == NULL)
+ return 0;
+ return x509_set1_time(&x->cert_info.validity.notBefore, tm);
+}
+int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
+{
if (x == NULL)
- return (0);
- in = x->cert_info.validity.notAfter;
- if (in != tm) {
- in = ASN1_STRING_dup(tm);
- if (in != NULL) {
- ASN1_TIME_free(x->cert_info.validity.notAfter);
- x->cert_info.validity.notAfter = in;
- }
- }
- return (in != NULL);
+ return 0;
+ return x509_set1_time(&x->cert_info.validity.notAfter, tm);
}
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
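Review bot: x509_set1_time is now a non-static helper shared with x509cset.c, but it has no comment and dereferences `ptm` without the NULL guard that its callers apply to `x`. A short header would make the ownership rules explicit: `/* Replace *ptm with a copy of tm. On failure *ptm is left untouched and 0 is returned. ptm must not be NULL. */`. As a style point, the declaration and assignment can be merged into `ASN1_TIME *in = *ptm;`, which also restores the blank line between declarations and code that the removed versions had.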
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index fedb2c5..681c438 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -35,36 +35,16 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
- ASN1_TIME *in;
-
if (x == NULL)
- return (0);
- in = x->crl.lastUpdate;
- if (in != tm) {
- in = ASN1_STRING_dup(tm);
- if (in != NULL) {
- ASN1_TIME_free(x->crl.lastUpdate);
- x->crl.lastUpdate = in;
- }
- }
- return (in != NULL);
+ return 0;
+ return x509_set1_time(&x->crl.lastUpdate, tm);
}
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
- ASN1_TIME *in;
-
if (x == NULL)
- return (0);
- in = x->crl.nextUpdate;
- if (in != tm) {
- in = ASN1_STRING_dup(tm);
- if (in != NULL) {
- ASN1_TIME_free(x->crl.nextUpdate);
- x->crl.nextUpdate = in;
- }
- }
- return (in != NULL);
+ return 0;
+ return x509_set1_time(&x->crl.nextUpdate, tm);
}
int X509_CRL_sort(X509_CRL *c)