Make NEG_PUBKEY_BUG on by default.
ASN1_TIME fixes. New function c2i_ASN1_OBJECT().
This commit is contained in:
parent
47ff5de8c2
commit
284ef5f357
17
CHANGES
17
CHANGES
@ -4,6 +4,23 @@
|
|||||||
|
|
||||||
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
|
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
|
||||||
|
|
||||||
|
*) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
|
||||||
|
Also change the functions X509_cmp_current_time() and
|
||||||
|
X509_gmtime_adj() work with an ASN1_TIME structure,
|
||||||
|
this will enable certificates using GeneralizedTime in validity
|
||||||
|
dates to be checked.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) Make the NEG_PUBKEY_BUG code (which tolerates invalid
|
||||||
|
negative public key encodings) on by default,
|
||||||
|
NO_NEG_PUBKEY_BUG can be set to disable it.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
|
*) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
|
||||||
|
content octets. An i2c_ASN1_OBJECT is unnecessary because
|
||||||
|
the encoding can be trivially obtained from the structure.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
|
*) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
|
||||||
not read locks (CRYPTO_r_[un]lock).
|
not read locks (CRYPTO_r_[un]lock).
|
||||||
[Bodo Moeller]
|
[Bodo Moeller]
|
||||||
|
@ -190,24 +190,13 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
|
|||||||
|
|
||||||
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
|
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
|
||||||
long length)
|
long length)
|
||||||
{
|
{
|
||||||
ASN1_OBJECT *ret=NULL;
|
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
long len;
|
long len;
|
||||||
int tag,xclass;
|
int tag,xclass;
|
||||||
int inf,i;
|
int inf,i;
|
||||||
|
ASN1_OBJECT *ret = NULL;
|
||||||
/* only the ASN1_OBJECTs from the 'table' will have values
|
|
||||||
* for ->sn or ->ln */
|
|
||||||
if ((a == NULL) || ((*a) == NULL) ||
|
|
||||||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
|
|
||||||
{
|
|
||||||
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
|
|
||||||
}
|
|
||||||
else ret=(*a);
|
|
||||||
|
|
||||||
p= *pp;
|
p= *pp;
|
||||||
|
|
||||||
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
|
||||||
if (inf & 0x80)
|
if (inf & 0x80)
|
||||||
{
|
{
|
||||||
@ -220,6 +209,32 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
|
|||||||
i=ASN1_R_EXPECTING_AN_OBJECT;
|
i=ASN1_R_EXPECTING_AN_OBJECT;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
ret = c2i_ASN1_OBJECT(a, &p, len);
|
||||||
|
if(ret) *pp = p;
|
||||||
|
return ret;
|
||||||
|
err:
|
||||||
|
ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
|
||||||
|
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
|
||||||
|
ASN1_OBJECT_free(ret);
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
|
||||||
|
long len)
|
||||||
|
{
|
||||||
|
ASN1_OBJECT *ret=NULL;
|
||||||
|
unsigned char *p;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
/* only the ASN1_OBJECTs from the 'table' will have values
|
||||||
|
* for ->sn or ->ln */
|
||||||
|
if ((a == NULL) || ((*a) == NULL) ||
|
||||||
|
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
|
||||||
|
{
|
||||||
|
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
|
||||||
|
}
|
||||||
|
else ret=(*a);
|
||||||
|
|
||||||
|
p= *pp;
|
||||||
if ((ret->data == NULL) || (ret->length < len))
|
if ((ret->data == NULL) || (ret->length < len))
|
||||||
{
|
{
|
||||||
if (ret->data != NULL) OPENSSL_free(ret->data);
|
if (ret->data != NULL) OPENSSL_free(ret->data);
|
||||||
|
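Review bot: The new c2i_ASN1_OBJECT is exported as a public entry point by this commit, yet nothing in the visible part of its body rejects a negative `len`: `ret->length < len` is false for every negative value, so a direct caller passing a bad length passes the only size check shown here, and whatever consumes `len` bytes later (the rest of the function is outside the hunk) would receive it. A `len < 0` test that goes to the function's error path before the dynamic-flag check would close that; d2i_ASN1_OBJECT is protected only because ASN1_get_object validated the length first. In the rewritten d2i_ASN1_OBJECT every `goto err` now appears to happen before `ret` is assigned from c2i_ASN1_OBJECT, so the `if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_OBJECT_free(ret);` under `err:` looks unreachable — hedged, since a few lines between the two hunks are not shown.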
@ -237,6 +237,7 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
|
|||||||
#define ASN1_BMPSTRING ASN1_STRING
|
#define ASN1_BMPSTRING ASN1_STRING
|
||||||
#define ASN1_VISIBLESTRING ASN1_STRING
|
#define ASN1_VISIBLESTRING ASN1_STRING
|
||||||
#define ASN1_UTF8STRING ASN1_STRING
|
#define ASN1_UTF8STRING ASN1_STRING
|
||||||
|
#define ASN1_BOOLEAN int
|
||||||
#else
|
#else
|
||||||
typedef struct asn1_string_st ASN1_INTEGER;
|
typedef struct asn1_string_st ASN1_INTEGER;
|
||||||
typedef struct asn1_string_st ASN1_ENUMERATED;
|
typedef struct asn1_string_st ASN1_ENUMERATED;
|
||||||
@ -253,6 +254,7 @@ typedef struct asn1_string_st ASN1_TIME;
|
|||||||
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
|
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
|
||||||
typedef struct asn1_string_st ASN1_VISIBLESTRING;
|
typedef struct asn1_string_st ASN1_VISIBLESTRING;
|
||||||
typedef struct asn1_string_st ASN1_UTF8STRING;
|
typedef struct asn1_string_st ASN1_UTF8STRING;
|
||||||
|
typedef int ASN1_BOOLEAN;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
typedef int ASN1_NULL;
|
typedef int ASN1_NULL;
|
||||||
@ -265,6 +267,7 @@ typedef struct asn1_type_st
|
|||||||
int type;
|
int type;
|
||||||
union {
|
union {
|
||||||
char *ptr;
|
char *ptr;
|
||||||
|
ASN1_BOOLEAN boolean;
|
||||||
ASN1_STRING * asn1_string;
|
ASN1_STRING * asn1_string;
|
||||||
ASN1_OBJECT * object;
|
ASN1_OBJECT * object;
|
||||||
ASN1_INTEGER * integer;
|
ASN1_INTEGER * integer;
|
||||||
@ -506,6 +509,8 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
|
|||||||
ASN1_OBJECT * ASN1_OBJECT_new(void );
|
ASN1_OBJECT * ASN1_OBJECT_new(void );
|
||||||
void ASN1_OBJECT_free(ASN1_OBJECT *a);
|
void ASN1_OBJECT_free(ASN1_OBJECT *a);
|
||||||
int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
|
int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
|
||||||
|
ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
|
||||||
|
long length);
|
||||||
ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
|
ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
|
||||||
long length);
|
long length);
|
||||||
|
|
||||||
|
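Review bot: The new public prototype `c2i_ASN1_OBJECT` carries no description of its contract, unlike the d2i/i2d pair next to it which at least follows the well-known convention. A comment above it would help callers: `/* Decode the content octets of an OBJECT IDENTIFIER; the caller has already consumed the tag and length. On success *pp is advanced past the bytes read (d2i_ASN1_OBJECT relies on this); on failure NULL is returned. */` — the advancing of `*pp` is inferred from the d2i_ASN1_OBJECT change in this commit, so confirm it against the function body. The same file section also adds `ASN1_BOOLEAN` in both the `#define` and `typedef` branches, which is consistent.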
@ -64,7 +64,7 @@
|
|||||||
#include <openssl/objects.h>
|
#include <openssl/objects.h>
|
||||||
#include <openssl/asn1_mac.h>
|
#include <openssl/asn1_mac.h>
|
||||||
|
|
||||||
#ifdef NEG_PUBKEY_BUG
|
#ifndef NO_NEG_PUBKEY_BUG
|
||||||
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
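Review bot: Flipping the guard to `#ifndef NO_NEG_PUBKEY_BUG` makes the lenient decoder the default, and because the `#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER` that follows rewrites the function name for the whole remainder of this translation unit, the rationale should live next to it rather than only in CHANGES. Suggested comment above the `#ifndef`: `/* Tolerate encoders that emit negative INTEGERs for public key components by decoding them as unsigned; define NO_NEG_PUBKEY_BUG to reject such encodings (strict DER). */`. The two following file sections make the identical `#ifdef NEG_PUBKEY_BUG` → `#ifndef NO_NEG_PUBKEY_BUG` change and would take the same comment. Since the strict path is now only compiled when NO_NEG_PUBKEY_BUG is defined, it is worth keeping a build that sets it so that path does not rot.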
@ -64,7 +64,7 @@
|
|||||||
#include <openssl/objects.h>
|
#include <openssl/objects.h>
|
||||||
#include <openssl/asn1_mac.h>
|
#include <openssl/asn1_mac.h>
|
||||||
|
|
||||||
#ifdef NEG_PUBKEY_BUG
|
#ifndef NO_NEG_PUBKEY_BUG
|
||||||
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -66,7 +66,7 @@
|
|||||||
#include <openssl/objects.h>
|
#include <openssl/objects.h>
|
||||||
#include <openssl/asn1_mac.h>
|
#include <openssl/asn1_mac.h>
|
||||||
|
|
||||||
#ifdef NEG_PUBKEY_BUG
|
#ifndef NO_NEG_PUBKEY_BUG
|
||||||
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -138,8 +138,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
|
|||||||
|
|
||||||
typedef struct X509_val_st
|
typedef struct X509_val_st
|
||||||
{
|
{
|
||||||
ASN1_UTCTIME *notBefore;
|
ASN1_TIME *notBefore;
|
||||||
ASN1_UTCTIME *notAfter;
|
ASN1_TIME *notAfter;
|
||||||
} X509_VAL;
|
} X509_VAL;
|
||||||
|
|
||||||
typedef struct X509_pubkey_st
|
typedef struct X509_pubkey_st
|
||||||
@ -323,7 +323,7 @@ DECLARE_STACK_OF(X509_TRUST)
|
|||||||
typedef struct X509_revoked_st
|
typedef struct X509_revoked_st
|
||||||
{
|
{
|
||||||
ASN1_INTEGER *serialNumber;
|
ASN1_INTEGER *serialNumber;
|
||||||
ASN1_UTCTIME *revocationDate;
|
ASN1_TIME *revocationDate;
|
||||||
STACK_OF(X509_EXTENSION) /* optional */ *extensions;
|
STACK_OF(X509_EXTENSION) /* optional */ *extensions;
|
||||||
int sequence; /* load sequence */
|
int sequence; /* load sequence */
|
||||||
} X509_REVOKED;
|
} X509_REVOKED;
|
||||||
@ -336,8 +336,8 @@ typedef struct X509_crl_info_st
|
|||||||
ASN1_INTEGER *version;
|
ASN1_INTEGER *version;
|
||||||
X509_ALGOR *sig_alg;
|
X509_ALGOR *sig_alg;
|
||||||
X509_NAME *issuer;
|
X509_NAME *issuer;
|
||||||
ASN1_UTCTIME *lastUpdate;
|
ASN1_TIME *lastUpdate;
|
||||||
ASN1_UTCTIME *nextUpdate;
|
ASN1_TIME *nextUpdate;
|
||||||
STACK_OF(X509_REVOKED) *revoked;
|
STACK_OF(X509_REVOKED) *revoked;
|
||||||
STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
|
STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
|
||||||
} X509_CRL_INFO;
|
} X509_CRL_INFO;
|
||||||
@ -737,8 +737,8 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
|
|||||||
|
|
||||||
#endif /* !SSLEAY_MACROS */
|
#endif /* !SSLEAY_MACROS */
|
||||||
|
|
||||||
int X509_cmp_current_time(ASN1_UTCTIME *s);
|
int X509_cmp_current_time(ASN1_TIME *s);
|
||||||
ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
|
ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
|
||||||
|
|
||||||
const char * X509_get_default_cert_area(void );
|
const char * X509_get_default_cert_area(void );
|
||||||
const char * X509_get_default_cert_dir(void );
|
const char * X509_get_default_cert_dir(void );
|
||||||
@ -920,8 +920,8 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name);
|
|||||||
X509_NAME * X509_get_issuer_name(X509 *a);
|
X509_NAME * X509_get_issuer_name(X509 *a);
|
||||||
int X509_set_subject_name(X509 *x, X509_NAME *name);
|
int X509_set_subject_name(X509 *x, X509_NAME *name);
|
||||||
X509_NAME * X509_get_subject_name(X509 *a);
|
X509_NAME * X509_get_subject_name(X509 *a);
|
||||||
int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
|
int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
|
||||||
int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
|
int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
|
||||||
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
|
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
|
||||||
EVP_PKEY * X509_get_pubkey(X509 *x);
|
EVP_PKEY * X509_get_pubkey(X509 *x);
|
||||||
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
|
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
|
||||||
|
@ -104,36 +104,36 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
|
|||||||
return(X509_NAME_set(&x->cert_info->subject,name));
|
return(X509_NAME_set(&x->cert_info->subject,name));
|
||||||
}
|
}
|
||||||
|
|
||||||
int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
|
int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
|
||||||
{
|
{
|
||||||
ASN1_UTCTIME *in;
|
ASN1_TIME *in;
|
||||||
|
|
||||||
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
|
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
|
||||||
in=x->cert_info->validity->notBefore;
|
in=x->cert_info->validity->notBefore;
|
||||||
if (in != tm)
|
if (in != tm)
|
||||||
{
|
{
|
||||||
in=M_ASN1_UTCTIME_dup(tm);
|
in=M_ASN1_TIME_dup(tm);
|
||||||
if (in != NULL)
|
if (in != NULL)
|
||||||
{
|
{
|
||||||
M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
|
M_ASN1_TIME_free(x->cert_info->validity->notBefore);
|
||||||
x->cert_info->validity->notBefore=in;
|
x->cert_info->validity->notBefore=in;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return(in != NULL);
|
return(in != NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
|
int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
|
||||||
{
|
{
|
||||||
ASN1_UTCTIME *in;
|
ASN1_TIME *in;
|
||||||
|
|
||||||
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
|
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
|
||||||
in=x->cert_info->validity->notAfter;
|
in=x->cert_info->validity->notAfter;
|
||||||
if (in != tm)
|
if (in != tm)
|
||||||
{
|
{
|
||||||
in=M_ASN1_UTCTIME_dup(tm);
|
in=M_ASN1_TIME_dup(tm);
|
||||||
if (in != NULL)
|
if (in != NULL)
|
||||||
{
|
{
|
||||||
M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
|
M_ASN1_TIME_free(x->cert_info->validity->notAfter);
|
||||||
x->cert_info->validity->notAfter=in;
|
x->cert_info->validity->notAfter=in;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
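Review bot: X509_set_notBefore and X509_set_notAfter now accept any `ASN1_TIME` but neither checks `tm->type`, and the X509_cmp_current_time change in this commit treats every type other than V_ASN1_UTCTIME as GeneralizedTime, so an ASN1_STRING of some unrelated type stored through these setters would later be parsed as a date. If that is not intended, a guard after the existing NULL check in each setter, `if (tm->type != V_ASN1_UTCTIME && tm->type != V_ASN1_GENERALIZEDTIME) return(0);`, rejects it at the point of entry. The two functions are otherwise line-for-line duplicates differing only in the field they touch; a static helper taking the `ASN1_TIME **` slot would remove the duplication. The tail of X509_set_notAfter is outside the hunk.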
@ -502,10 +502,10 @@ end:
|
|||||||
return(ok);
|
return(ok);
|
||||||
}
|
}
|
||||||
|
|
||||||
int X509_cmp_current_time(ASN1_UTCTIME *ctm)
|
int X509_cmp_current_time(ASN1_TIME *ctm)
|
||||||
{
|
{
|
||||||
char *str;
|
char *str;
|
||||||
ASN1_UTCTIME atm;
|
ASN1_TIME atm;
|
||||||
time_t offset;
|
time_t offset;
|
||||||
char buff1[24],buff2[24],*p;
|
char buff1[24],buff2[24],*p;
|
||||||
int i,j;
|
int i,j;
|
||||||
@ -513,14 +513,32 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
|
|||||||
p=buff1;
|
p=buff1;
|
||||||
i=ctm->length;
|
i=ctm->length;
|
||||||
str=(char *)ctm->data;
|
str=(char *)ctm->data;
|
||||||
if ((i < 11) || (i > 17)) return(0);
|
if(ctm->type == V_ASN1_UTCTIME) {
|
||||||
memcpy(p,str,10);
|
if ((i < 11) || (i > 17)) return(0);
|
||||||
p+=10;
|
memcpy(p,str,10);
|
||||||
str+=10;
|
p+=10;
|
||||||
|
str+=10;
|
||||||
|
} else {
|
||||||
|
if(i < 13) return 0;
|
||||||
|
memcpy(p,str,12);
|
||||||
|
p+=12;
|
||||||
|
str+=12;
|
||||||
|
}
|
||||||
|
|
||||||
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
|
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
|
||||||
{ *(p++)='0'; *(p++)='0'; }
|
{ *(p++)='0'; *(p++)='0'; }
|
||||||
else { *(p++)= *(str++); *(p++)= *(str++); }
|
else
|
||||||
|
{
|
||||||
|
*(p++)= *(str++);
|
||||||
|
*(p++)= *(str++);
|
||||||
|
/* Skip any fractional seconds... */
|
||||||
|
if(*str == '.')
|
||||||
|
{
|
||||||
|
str++;
|
||||||
|
while((*str >= '0') && (*str <= '9')) str++;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
*(p++)='Z';
|
*(p++)='Z';
|
||||||
*(p++)='\0';
|
*(p++)='\0';
|
||||||
|
|
||||||
@ -535,19 +553,22 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
|
|||||||
if (*str == '-')
|
if (*str == '-')
|
||||||
offset= -offset;
|
offset= -offset;
|
||||||
}
|
}
|
||||||
atm.type=V_ASN1_UTCTIME;
|
atm.type=ctm->type;
|
||||||
atm.length=sizeof(buff2);
|
atm.length=sizeof(buff2);
|
||||||
atm.data=(unsigned char *)buff2;
|
atm.data=(unsigned char *)buff2;
|
||||||
|
|
||||||
X509_gmtime_adj(&atm,-offset*60);
|
X509_gmtime_adj(&atm,-offset*60);
|
||||||
|
|
||||||
i=(buff1[0]-'0')*10+(buff1[1]-'0');
|
if(ctm->type == V_ASN1_UTCTIME)
|
||||||
if (i < 50) i+=100; /* cf. RFC 2459 */
|
{
|
||||||
j=(buff2[0]-'0')*10+(buff2[1]-'0');
|
i=(buff1[0]-'0')*10+(buff1[1]-'0');
|
||||||
if (j < 50) j+=100;
|
if (i < 50) i+=100; /* cf. RFC 2459 */
|
||||||
|
j=(buff2[0]-'0')*10+(buff2[1]-'0');
|
||||||
|
if (j < 50) j+=100;
|
||||||
|
|
||||||
if (i < j) return (-1);
|
if (i < j) return (-1);
|
||||||
if (i > j) return (1);
|
if (i > j) return (1);
|
||||||
|
}
|
||||||
i=strcmp(buff1,buff2);
|
i=strcmp(buff1,buff2);
|
||||||
if (i == 0) /* wait a second then return younger :-) */
|
if (i == 0) /* wait a second then return younger :-) */
|
||||||
return(-1);
|
return(-1);
|
||||||
@ -555,13 +576,14 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
|
|||||||
return(i);
|
return(i);
|
||||||
}
|
}
|
||||||
|
|
||||||
ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
|
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
|
||||||
{
|
{
|
||||||
time_t t;
|
time_t t;
|
||||||
|
|
||||||
time(&t);
|
time(&t);
|
||||||
t+=adj;
|
t+=adj;
|
||||||
return(ASN1_UTCTIME_set(s,t));
|
if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
|
||||||
|
return ASN1_GENERALIZEDTIME_set(s, t);
|
||||||
}
|
}
|
||||||
|
|
||||||
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
|
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
|
||||||
|
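Review bot: X509_gmtime_adj now dereferences `s->type` before calling `ASN1_UTCTIME_set`, so a caller passing `s == NULL` — which the previous implementation forwarded unchanged, and which ASN1_UTCTIME_set presumably handled by allocating a fresh structure — would crash here; `if (s == NULL || s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));` keeps the old behaviour for that case. In the X509_cmp_current_time hunks, the GeneralizedTime branch checks only `i < 13`, and the two-character seconds copy plus the fractional-seconds loop `while((*str >= '0') && (*str <= '9')) str++;` advance `str` with no bound from `ctm->length`, relying on `ctm->data` being NUL-terminated; decrementing `i` as bytes are consumed and stopping when it reaches 0 would tie the parse to the declared length (the timezone-offset parsing between the two hunks, outside what is shown, needs the same bound). Any `ctm->type` other than V_ASN1_UTCTIME is also parsed as GeneralizedTime; returning 0 for a type that is neither would be the safer default for data taken from a certificate.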