From dc047d31fa0c31872db8601a1b9fcd35f24d8589 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 19 Aug 2016 16:21:21 +0100 Subject: [PATCH] Set certificate times in one function. Reviewed-by: Rich Salz --- apps/apps.c | 34 ++++++++++++++++++++++++++++++++++ apps/apps.h | 2 ++ apps/ca.c | 11 +++-------- apps/req.c | 4 +--- apps/x509.c | 16 ++++------------ 5 files changed, 44 insertions(+), 23 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 40b31a5844..1ce632f003 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2589,3 +2589,37 @@ void corrupt_signature(const ASN1_STRING *signature) unsigned char *s = signature->data; s[signature->length - 1] ^= 0x1; } + +int set_cert_times(X509 *x, const char *startdate, const char *enddate, + int days) +{ + int rv = 0; + ASN1_TIME *tm = ASN1_TIME_new(); + if (tm == NULL) + goto err; + if (startdate == NULL || strcmp(startdate, "today") == 0) { + if (!X509_gmtime_adj(tm, 0)) + goto err; + } else if (!ASN1_TIME_set_string(tm, startdate)) { + goto err; + } + + if (!X509_set_notBefore(x, tm)) + goto err; + + if (enddate == NULL) { + if (!X509_time_adj_ex(tm, days, 0, NULL)) + goto err; + } else if (!ASN1_TIME_set_string(tm, enddate)) { + goto err; + } + + if (!X509_set_notAfter(x, tm)) + goto err; + + rv = 1; + + err: + ASN1_TIME_free(tm); + return rv; +} diff --git a/apps/apps.h b/apps/apps.h index 326e026231..fc7330537e 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -72,6 +72,8 @@ int has_stdin_waiting(void); # endif void corrupt_signature(const ASN1_STRING *signature); +int set_cert_times(X509 *x, const char *startdate, const char *enddate, + int days); /* * Common verification options. diff --git a/apps/ca.c b/apps/ca.c index a20ba44c09..ef61de2eef 100644 --- a/apps/ca.c +++ b/apps/ca.c 
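Review bot: In apps/apps.c, set_cert_times() never checks that the resulting notAfter is not earlier than notBefore. When enddate is NULL the end time comes from `X509_time_adj_ex(tm, days, 0, NULL)`, which is relative to the current time rather than to startdate. A future startdate, a negative days, or an explicit enddate earlier than startdate can therefore give an inverted validity window while the function still returns 1. If no caller needs that, add before `rv = 1;` a check such as `if (!ASN1_TIME_diff(&d, &s, X509_get_notBefore(x), X509_get_notAfter(x)) || d < 0 || s < 0) goto err;` with `int d, s;` declared at the top. The function also fails without reporting which date string was rejected, so a diagnostic on the two ASN1_TIME_set_string() failure paths would help the operator.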
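Review bot: The new set_cert_times() prototype in apps/apps.h has no comment describing its argument conventions, which the callers in ca.c, req.c and x509.c rely on when they pass NULL. I would add above it `/* startdate NULL or "today": notBefore = now; enddate NULL: notAfter = now + days; returns 1 on success, 0 on failure */`. These conventions are the ones visible in the apps.c definition in this same patch.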
@@ -1698,16 +1698,11 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto end; } - if (strcmp(startdate, "today") == 0) - X509_gmtime_adj(X509_get_notBefore(ret), 0); - else - ASN1_TIME_set_string(X509_get_notBefore(ret), startdate); + if (!set_cert_times(ret, startdate, enddate, days)) + goto end; - if (enddate == NULL) - X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL); - else { + if (enddate != NULL) { int tdays; - ASN1_TIME_set_string(X509_get_notAfter(ret), enddate); ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret)); days = tdays; } diff --git a/apps/req.c b/apps/req.c index 112553b48e..bd18708e3a 100644 --- a/apps/req.c +++ b/apps/req.c @@ -616,9 +616,7 @@ int req_main(int argc, char **argv) if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end; - if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) - goto end; - if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) + if (!set_cert_times(x509ss, NULL, NULL, days)) goto end; if (!X509_set_subject_name (x509ss, X509_REQ_get_subject_name(req))) diff --git a/apps/x509.c b/apps/x509.c index ca9a09f222..0cb38b796a 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -554,9 +554,9 @@ int x509_main(int argc, char **argv) goto end; if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req))) goto end; + if (!set_cert_times(x, NULL, NULL, days)) + goto end; - X509_gmtime_adj(X509_get_notBefore(x), 0); - X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL); if (fkey) X509_set_pubkey(x, fkey); else { @@ -983,11 +983,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges if (!X509_set_serialNumber(x, bs)) goto end; - if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL) - goto end; - - /* hardwired expired */ - if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL) + if (!set_cert_times(x, NULL, NULL, days)) goto end; if (clrext) { 
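Review bot: In apps/ca.c do_body(), the `ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));` call kept in the `enddate != NULL` branch still ignores its return value. If it fails, `tdays` is read uninitialised when it is copied into `days`. Now that the date-setting errors just above are checked, it would be consistent to write `if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret))) goto end;`. tdays is also negative when enddate lies in the past; whether `days` is later expected to be positive is not visible here, because do_body continues outside the hunk.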
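Review bot: In the first apps/x509.c hunk (x509_main), the `X509_set_pubkey(x, fkey);` line right after the new set_cert_times() check discards its result. sign(), in the last hunk of this file, tests the same call with `if (!X509_set_pubkey(x, pkey)) goto err;`. If the call failed here, the command would apparently carry on with a certificate that lacks the forced key. I would change the branch to `if (fkey) { if (!X509_set_pubkey(x, fkey)) goto end; } else {`. x509_main continues outside the hunk, so any later handling is not visible.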
@@ -1056,12 +1052,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, if (!X509_set_issuer_name(x, X509_get_subject_name(x))) goto err; - if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) + if (!set_cert_times(x, NULL, NULL, days)) goto err; - - if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL) - goto err; - if (!X509_set_pubkey(x, pkey)) goto err; if (clrext) { -- 2.25.1