Continued patches so certificates and CRLs now can support and use
authorDr. Stephen Henson <steve@openssl.org>
Wed, 20 Jan 1999 00:14:40 +0000 (00:14 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 20 Jan 1999 00:14:40 +0000 (00:14 +0000)
GeneralizedTime.

CHANGES
apps/crl.c
apps/pkcs7.c
apps/s_cb.c
apps/x509.c
crypto/asn1/t_x509.c
crypto/asn1/x_cinf.c
crypto/asn1/x_crl.c
crypto/asn1/x_val.c

diff --git a/CHANGES b/CHANGES
index d2ab339bd5f4fecbc26b6723e29fe8b2684f336c..ec02d06569236fb4f06c55f71b3b2cfba1ea2459 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,13 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+     Removed the versions check from X509 routines when loading extensions:
+     this allows certain broken certificates that don't set the version
+     properly to be processed.
+     [Steve Henson]
+
   *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
      Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
      can still be regenerated with "make depend".
@@ -22,6 +29,7 @@
      C file. To rebuild all the error codes from scratch (the old behaviour)
      either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
      or delete all the .err files.
+     [Steve Henson]
 
   *) CAST-128 was incorrectly implemented for short keys. The C version has
      been fixed, but is untested. The assembler versions are also fixed, but
index acb5cb9b243863379f5dba33d0efc522829d124a..a0098e9efd748f3acf86a4effa4570f1f5ef935b 100644 (file)
@@ -214,14 +214,14 @@ bad:
                        if (lastupdate == i)
                                {
                                fprintf(stdout,"lastUpdate=");
-                               ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
+                               ASN1_TIME_print(bio_out,x->crl->lastUpdate);
                                fprintf(stdout,"\n");
                                }
                        if (nextupdate == i)
                                {
                                fprintf(stdout,"nextUpdate=");
                                if (x->crl->nextUpdate != NULL)
-                                       ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+                                       ASN1_TIME_print(bio_out,x->crl->nextUpdate);
                                else
                                        fprintf(stdout,"NONE");
                                fprintf(stdout,"\n");
@@ -264,7 +264,7 @@ bad:
                        fprintf(stdout,"revoked: serialNumber=");
                        i2a_ASN1_INTEGER(out,r->serialNumber);
                        fprintf(stdout," revocationDate=");
-                       ASN1_UTCTIME_print(bio_out,r->revocationDate);
+                       ASN1_TIME_print(bio_out,r->revocationDate);
                        fprintf(stdout,"\n");
                        }
                sk_free(sk);
index 4105dbd9efbd390a1f40e76e146ab420cbf7aaba..06640bf0f2a58e29c8b739eee900cd319e5c5238 100644 (file)
@@ -277,9 +277,9 @@ bad:
                                BIO_puts(out,buf);
 
                                BIO_puts(out,"\nlast update=");
-                               ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
+                               ASN1_TIME_print(out,crl->crl->lastUpdate);
                                BIO_puts(out,"\nnext update=");
-                               ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
+                               ASN1_TIME_print(out,crl->crl->nextUpdate);
                                BIO_puts(out,"\n");
 
                                PEM_write_bio_X509_CRL(out,crl);
index 7fa855c5dcf74b136f3a7660aba8833aa4211ebd..1a7b06e1ee076ed71a18b399f124db1e5018e933 100644 (file)
@@ -109,13 +109,13 @@ X509_STORE_CTX *ctx;
        case X509_V_ERR_CERT_NOT_YET_VALID:
        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
                BIO_printf(bio_err,"notBefore=");
-               ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+               ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
                BIO_printf(bio_err,"\n");
                break;
        case X509_V_ERR_CERT_HAS_EXPIRED:
        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
                BIO_printf(bio_err,"notAfter=");
-               ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+               ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
                BIO_printf(bio_err,"\n");
                break;
                }
index 58ccd939e7b89713aa6bb0e554b0940d94c1ed1d..fa8537e078f10c05e6bd3d23af23e12b8fd26641 100644 (file)
@@ -550,13 +550,13 @@ bad:
                        else if (startdate == i)
                                {
                                BIO_puts(STDout,"notBefore=");
-                               ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+                               ASN1_TIME_print(STDout,X509_get_notBefore(x));
                                BIO_puts(STDout,"\n");
                                }
                        else if (enddate == i)
                                {
                                BIO_puts(STDout,"notAfter=");
-                               ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+                               ASN1_TIME_print(STDout,X509_get_notAfter(x));
                                BIO_puts(STDout,"\n");
                                }
                        else if (fingerprint == i)
index bfee6f66a790fbda9f347b4050173430ce64bd63..060f99d5a88f00c602d92e2b34cf63bcde207ee9 100644 (file)
@@ -146,9 +146,9 @@ X509 *x;
        if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
        if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
        if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-       if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err;
+       if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
        if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-       if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err;
+       if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
        if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
        if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
        if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
index 99b9fe7b9f3e73ba4e047008ffb2003e4220faae..88099ea9f780f99e7129e789a9049b7ffedcbb4a 100644 (file)
@@ -147,7 +147,14 @@ long length;
                M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
                        V_ASN1_BIT_STRING);
                }
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
        if (ver >= 2) /* version 3 extensions */
+#endif
                {
                if (ret->extensions != NULL)
                        while (sk_num(ret->extensions))
index 5e1fa796bde2a70021103c57a768d2f3cf7475ee..8629a73f8c48b9d8caf72ec56d83a67199e08af3 100644 (file)
@@ -85,13 +85,13 @@ unsigned char **pp;
        M_ASN1_I2D_vars(a);
 
        M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-       M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
+       M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
        M_ASN1_I2D_len_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
 
        M_ASN1_I2D_seq_total();
 
        M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-       M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
+       M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
        M_ASN1_I2D_put_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
 
        M_ASN1_I2D_finish();
@@ -107,7 +107,7 @@ long length;
        M_ASN1_D2I_Init();
        M_ASN1_D2I_start_sequence();
        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-       M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
+       M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
        M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION,
                X509_EXTENSION_free);
        M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
@@ -130,9 +130,9 @@ unsigned char **pp;
                }
        M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
        M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-       M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
+       M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
        if (a->nextUpdate != NULL)
-               { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
+               { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
        M_ASN1_I2D_len_SEQUENCE_opt(a->revoked,i2d_X509_REVOKED);
        M_ASN1_I2D_len_EXP_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION,0,
                V_ASN1_SEQUENCE,v1);
@@ -177,8 +177,18 @@ long length;
                }
        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-       M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
-       M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
+       M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
+       /* Manually handle the OPTIONAL ASN1_TIME stuff */
+       if((c.slen != 0) && 
+               ( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+                        V_ASN1_UNIVERSAL|V_ASN1_UTCTIME)
+               || ( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+                        V_ASN1_UNIVERSAL|V_ASN1_GENERALIZEDTIME) ) ) ) {
+               M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_TIME);
+       }
+       if(!ret->nextUpdate) 
+               M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
+                                                       V_ASN1_GENERALIZEDTIME);
        if (ret->revoked != NULL)
                {
                while (sk_num(ret->revoked))
index 8d996e99507582af03b1e990ad1e9223775e8891..f6534a6a5cc51d6ef8577bf17afbb47b60a629fd 100644 (file)
@@ -71,13 +71,13 @@ unsigned char **pp;
        {
        M_ASN1_I2D_vars(a);
 
-       M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME);
-       M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME);
+       M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
+       M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
 
        M_ASN1_I2D_seq_total();
 
-       M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME);
-       M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME);
+       M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
+       M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
 
        M_ASN1_I2D_finish();
        }
@@ -91,8 +91,8 @@ long length;
 
        M_ASN1_D2I_Init();
        M_ASN1_D2I_start_sequence();
-       M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME);
-       M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME);
+       M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
+       M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
        M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
        }
 
@@ -102,8 +102,8 @@ X509_VAL *X509_VAL_new()
        ASN1_CTX c;
 
        M_ASN1_New_Malloc(ret,X509_VAL);
-       M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new);
-       M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new);
+       M_ASN1_New(ret->notBefore,ASN1_TIME_new);
+       M_ASN1_New(ret->notAfter,ASN1_TIME_new);
        return(ret);
        M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
        }
@@ -112,8 +112,8 @@ void X509_VAL_free(a)
 X509_VAL *a;
        {
        if (a == NULL) return;
-       ASN1_UTCTIME_free(a->notBefore);
-       ASN1_UTCTIME_free(a->notAfter);
+       ASN1_TIME_free(a->notBefore);
+       ASN1_TIME_free(a->notAfter);
        Free((char *)a);
        }