From 0b7347effee58f5a19e4724c4b277635727c20d8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 20 Aug 2016 13:02:09 +0100 Subject: [PATCH] Add X509_getm_notBefore, X509_getm_notAfter Add mutable versions of X509_get0_notBefore and X509_get0_notAfter. Rename X509_SIG_get0_mutable to X509_SIG_getm. Reviewed-by: Viktor Dukhovni --- apps/apps.c | 36 ++++++++++--------------------- crypto/asn1/x_sig.c | 4 ++-- crypto/pkcs12/p12_mutl.c | 4 ++-- crypto/pkcs12/p12_npas.c | 2 +- crypto/x509/x509_set.c | 6 ++---- doc/crypto/X509_SIG_get0.pod | 8 +++---- doc/crypto/X509_get_notBefore.pod | 17 ++++++++------- include/openssl/x509.h | 10 +++++---- 8 files changed, 37 insertions(+), 50 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 23c65698ff..522db71322 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2593,33 +2593,19 @@ void corrupt_signature(const ASN1_STRING *signature) int set_cert_times(X509 *x, const char *startdate, const char *enddate, int days) { - int rv = 0; - ASN1_TIME *tm = ASN1_TIME_new(); - if (tm == NULL) - goto err; if (startdate == NULL || strcmp(startdate, "today") == 0) { - if (!X509_gmtime_adj(tm, 0)) - goto err; - } else if (!ASN1_TIME_set_string(tm, startdate)) { - goto err; + if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL) + return 0; + } else { + if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate)) + return 0; } - - if (!X509_set1_notBefore(x, tm)) - goto err; - if (enddate == NULL) { - if (!X509_time_adj_ex(tm, days, 0, NULL)) - goto err; - } else if (!ASN1_TIME_set_string(tm, enddate)) { - goto err; + if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL) + == NULL) + return 0; + } else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) { + return 0; } - - if (!X509_set1_notAfter(x, tm)) - goto err; - - rv = 1; - - err: - ASN1_TIME_free(tm); - return rv; + return 1; } diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c index 1e835cb191..e465cf2d4d 100644 --- a/crypto/asn1/x_sig.c +++ b/crypto/asn1/x_sig.c @@ -29,8 +29,8 @@ void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, *pdigest = sig->digest; } -void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg, - ASN1_OCTET_STRING **pdigest) +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest) { if (palg) *palg = sig->algor; diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index d608a5c02c..79639c2169 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -170,7 +170,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } - X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct); + X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); return 0; @@ -208,7 +208,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 0; } else memcpy(p12->mac->salt->data, salt, saltlen); - X509_SIG_get0_mutable(p12->mac->dinfo, &macalg, NULL); + X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), V_ASN1_NULL, NULL)) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index f075bcacc3..0ce75ed330 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -110,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto err; - X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct); + X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) goto err; diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 8bf367b645..c0ea41883d 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -119,17 +119,15 @@ const ASN1_TIME *X509_get0_notAfter(const X509 *x) return x->cert_info.validity.notAfter; } -#if OPENSSL_API_COMPAT < 0x10100000L -ASN1_TIME *X509_get_notBefore(const X509 *x) +ASN1_TIME *X509_getm_notBefore(const X509 *x) { return x->cert_info.validity.notBefore; } -ASN1_TIME *X509_get_notAfter(const X509 *x) +ASN1_TIME *X509_getm_notAfter(const X509 *x) { return x->cert_info.validity.notAfter; } -#endif int X509_get_signature_type(const X509 *x) { diff --git a/doc/crypto/X509_SIG_get0.pod b/doc/crypto/X509_SIG_get0.pod index a47ae448cc..d24eadcdf9 100644 --- a/doc/crypto/X509_SIG_get0.pod +++ b/doc/crypto/X509_SIG_get0.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions +X509_SIG_get0, X509_SIG_getm - DigestInfo functions =head1 SYNOPSIS @@ -10,13 +10,13 @@ X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, const ASN1_OCTET_STRING **pdigest); - void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg, - ASN1_OCTET_STRING **pdigest, + void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest, =head1 DESCRIPTION X509_SIG_get0() returns pointers to the algorithm identifier and digest -value in B. X509_SIG_get0_mutable() is identical to X509_SIG_get0() +value in B. X509_SIG_getm() is identical to X509_SIG_get0() except the pointers returned are not constant and can be modified: for example to initialise them. diff --git a/doc/crypto/X509_get_notBefore.pod b/doc/crypto/X509_get_notBefore.pod index 5fdc83404f..82502f6588 100644 --- a/doc/crypto/X509_get_notBefore.pod +++ b/doc/crypto/X509_get_notBefore.pod @@ -2,9 +2,9 @@ =head1 NAME -X509_get0_notBefore, X509_get_notBefore, X509_get0_notAfter, X509_get_notAfter, -X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, -X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, +X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, +X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, +X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate - get or set certificate or CRL dates =head1 SYNOPSIS @@ -14,8 +14,8 @@ X509_CRL_set1_nextUpdate - get or set certificate or CRL dates const ASN1_TIME *X509_get0_notBefore(const X509 *x); const ASN1_TIME *X509_get0_notAfter(const X509 *x); - ASN1_TIME *X509_get_notBefore(const X509 *x); - ASN1_TIME *X509_get_notAfter(const X509 *x); + ASN1_TIME *X509_getm_notBefore(const X509 *x); + ASN1_TIME *X509_getm_notAfter(const X509 *x); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); @@ -33,9 +33,10 @@ and B fields of certificate B respectively. The value returned is an internal pointer which must not be freed up after the call. -X509_get_notBefore() and X509_get_notAfter() are similar to -X509_get0_notBefore() and X509_get0_notAfter() except they do not -return constant values. They are deprecated in OpenSSL 1.1.0 +X509_getm_notBefore() and X509_getm_notAfter() are similar to +X509_get0_notBefore() and X509_get0_notAfter() except they return +non-constant mutable references to the associated date field of +the certficate. X509_set1_notBefore() and X509_set1_notAfter() set the B and B fields of B to B. Ownership of the passed diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 80bb24eabb..1db8c93c9f 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -517,8 +517,8 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); DECLARE_ASN1_FUNCTIONS(X509_SIG) void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, const ASN1_OCTET_STRING **pdigest); -void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg, - ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) DECLARE_ASN1_FUNCTIONS(X509_REQ) @@ -622,16 +622,18 @@ X509_NAME *X509_get_issuer_name(const X509 *a); int X509_set_subject_name(X509 *x, X509_NAME *name); X509_NAME *X509_get_subject_name(const X509 *a); const ASN1_TIME * X509_get0_notBefore(const X509 *x); -DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notBefore(const X509 *x)) +ASN1_TIME *X509_getm_notBefore(const X509 *x); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); const ASN1_TIME *X509_get0_notAfter(const X509 *x); -DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notAfter(const X509 *x)) +ASN1_TIME *X509_getm_notAfter(const X509 *x); int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); int X509_up_ref(X509 *x); int X509_get_signature_type(const X509 *x); # if OPENSSL_API_COMPAT < 0x10100000L +# define X509_get_notBefore X509_getm_notBefore +# define X509_get_notAfter X509_getm_notAfter # define X509_set_notBefore X509_set1_notBefore # define X509_set_notAfter X509_set1_notAfter #endif -- 2.25.1