Browse Source

Add X509_getm_notBefore, X509_getm_notAfter

Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.

Rename X509_SIG_get0_mutable to X509_SIG_getm.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
master
Dr. Stephen Henson 6 years ago
parent
commit
0b7347effe
8 changed files with 37 additions and 50 deletions
  1. +11
    -25
      apps/apps.c
  2. +2
    -2
      crypto/asn1/x_sig.c
  3. +2
    -2
      crypto/pkcs12/p12_mutl.c
  4. +1
    -1
      crypto/pkcs12/p12_npas.c
  5. +2
    -4
      crypto/x509/x509_set.c
  6. +4
    -4
      doc/crypto/X509_SIG_get0.pod
  7. +9
    -8
      doc/crypto/X509_get_notBefore.pod
  8. +6
    -4
      include/openssl/x509.h

+ 11
- 25
apps/apps.c View File

@ -2593,33 +2593,19 @@ void corrupt_signature(const ASN1_STRING *signature)
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
int days)
{
int rv = 0;
ASN1_TIME *tm = ASN1_TIME_new();
if (tm == NULL)
goto err;
if (startdate == NULL || strcmp(startdate, "today") == 0) {
if (!X509_gmtime_adj(tm, 0))
goto err;
} else if (!ASN1_TIME_set_string(tm, startdate)) {
goto err;
if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
return 0;
} else {
if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate))
return 0;
}
if (!X509_set1_notBefore(x, tm))
goto err;
if (enddate == NULL) {
if (!X509_time_adj_ex(tm, days, 0, NULL))
goto err;
} else if (!ASN1_TIME_set_string(tm, enddate)) {
goto err;
if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
== NULL)
return 0;
} else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) {
return 0;
}
if (!X509_set1_notAfter(x, tm))
goto err;
rv = 1;
err:
ASN1_TIME_free(tm);
return rv;
return 1;
}

+ 2
- 2
crypto/asn1/x_sig.c View File

@ -29,8 +29,8 @@ void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
*pdigest = sig->digest;
}
void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest)
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest)
{
if (palg)
*palg = sig->algor;


+ 2
- 2
crypto/pkcs12/p12_mutl.c View File

@ -170,7 +170,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);
X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
return 0;
@ -208,7 +208,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
X509_SIG_get0_mutable(p12->mac->dinfo, &macalg, NULL);
X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
V_ASN1_NULL, NULL)) {
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);


+ 1
- 1
crypto/pkcs12/p12_npas.c View File

@ -110,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
goto err;
X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);
X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
goto err;


+ 2
- 4
crypto/x509/x509_set.c View File

@ -119,17 +119,15 @@ const ASN1_TIME *X509_get0_notAfter(const X509 *x)
return x->cert_info.validity.notAfter;
}
#if OPENSSL_API_COMPAT < 0x10100000L
ASN1_TIME *X509_get_notBefore(const X509 *x)
ASN1_TIME *X509_getm_notBefore(const X509 *x)
{
return x->cert_info.validity.notBefore;
}
ASN1_TIME *X509_get_notAfter(const X509 *x)
ASN1_TIME *X509_getm_notAfter(const X509 *x)
{
return x->cert_info.validity.notAfter;
}
#endif
int X509_get_signature_type(const X509 *x)
{


+ 4
- 4
doc/crypto/X509_SIG_get0.pod View File

@ -2,7 +2,7 @@
=head1 NAME
X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions
X509_SIG_get0, X509_SIG_getm - DigestInfo functions
=head1 SYNOPSIS
@ -10,13 +10,13 @@ X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
const ASN1_OCTET_STRING **pdigest);
void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest,
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest,
=head1 DESCRIPTION
X509_SIG_get0() returns pointers to the algorithm identifier and digest
value in B<sig>. X509_SIG_get0_mutable() is identical to X509_SIG_get0()
value in B<sig>. X509_SIG_getm() is identical to X509_SIG_get0()
except the pointers returned are not constant and can be modified:
for example to initialise them.


+ 9
- 8
doc/crypto/X509_get_notBefore.pod View File

@ -2,9 +2,9 @@
=head1 NAME
X509_get0_notBefore, X509_get_notBefore, X509_get0_notAfter, X509_get_notAfter,
X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate,
X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter,
X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter,
X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
=head1 SYNOPSIS
@ -14,8 +14,8 @@ X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
const ASN1_TIME *X509_get0_notBefore(const X509 *x);
const ASN1_TIME *X509_get0_notAfter(const X509 *x);
ASN1_TIME *X509_get_notBefore(const X509 *x);
ASN1_TIME *X509_get_notAfter(const X509 *x);
ASN1_TIME *X509_getm_notBefore(const X509 *x);
ASN1_TIME *X509_getm_notAfter(const X509 *x);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
@ -33,9 +33,10 @@ and B<notAfter> fields of certificate B<x> respectively. The value
returned is an internal pointer which must not be freed up after
the call.
X509_get_notBefore() and X509_get_notAfter() are similar to
X509_get0_notBefore() and X509_get0_notAfter() except they do not
return constant values. They are deprecated in OpenSSL 1.1.0
X509_getm_notBefore() and X509_getm_notAfter() are similar to
X509_get0_notBefore() and X509_get0_notAfter() except they return
non-constant mutable references to the associated date field of
the certficate.
X509_set1_notBefore() and X509_set1_notAfter() set the B<notBefore>
and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed


+ 6
- 4
include/openssl/x509.h View File

@ -517,8 +517,8 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
DECLARE_ASN1_FUNCTIONS(X509_SIG)
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
const ASN1_OCTET_STRING **pdigest);
void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest);
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest);
DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
DECLARE_ASN1_FUNCTIONS(X509_REQ)
@ -622,16 +622,18 @@ X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_subject_name(const X509 *a);
const ASN1_TIME * X509_get0_notBefore(const X509 *x);
DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notBefore(const X509 *x))
ASN1_TIME *X509_getm_notBefore(const X509 *x);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
const ASN1_TIME *X509_get0_notAfter(const X509 *x);
DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notAfter(const X509 *x))
ASN1_TIME *X509_getm_notAfter(const X509 *x);
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x);
# if OPENSSL_API_COMPAT < 0x10100000L
# define X509_get_notBefore X509_getm_notBefore
# define X509_get_notAfter X509_getm_notAfter
# define X509_set_notBefore X509_set1_notBefore
# define X509_set_notAfter X509_set1_notAfter
#endif


Loading…
Cancel
Save