generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Get rid of ASN1_UTCTIME_get, which cannot work with time_t

Browse Source 
return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.
This commit is contained in:
Bodo Möller 2000-09-06 15:40:52 +00:00
parent 26b0d15628
commit 61f175f4ba
3 changed files with 122 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
apps/x509.c
View File

@ -291,24 +291,26 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-addtrust") == 0) else if (strcmp(*argv,"-addtrust") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) { if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
{
BIO_printf(bio_err, BIO_printf(bio_err,
"Invalid trust object value %s\n", *argv); "Invalid trust object value %s\n", *argv);
goto bad; goto bad;
} }
if(!trust) trust = sk_ASN1_OBJECT_new_null(); if (!trust) trust = sk_ASN1_OBJECT_new_null();
sk_ASN1_OBJECT_push(trust, objtmp); sk_ASN1_OBJECT_push(trust, objtmp);
trustout = 1; trustout = 1;
} }
else if (strcmp(*argv,"-addreject") == 0) else if (strcmp(*argv,"-addreject") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) { if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
{
BIO_printf(bio_err, BIO_printf(bio_err,
"Invalid reject object value %s\n", *argv); "Invalid reject object value %s\n", *argv);
goto bad; goto bad;
} }
if(!reject) reject = sk_ASN1_OBJECT_new_null(); if (!reject) reject = sk_ASN1_OBJECT_new_null();
sk_ASN1_OBJECT_push(reject, objtmp); sk_ASN1_OBJECT_push(reject, objtmp);
trustout = 1; trustout = 1;
} }
@ -321,7 +323,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-nameopt") == 0) else if (strcmp(*argv,"-nameopt") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
if(!set_name_ex(&nmflag, *(++argv))) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad;
} }
else if (strcmp(*argv,"-setalias") == 0) else if (strcmp(*argv,"-setalias") == 0)
{ {
@ -417,10 +419,11 @@ bad:
ERR_load_crypto_strings(); ERR_load_crypto_strings();
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n"); BIO_printf(bio_err, "Error getting password\n");
goto end; goto end;
} }
if (!X509_STORE_set_default_paths(ctx)) if (!X509_STORE_set_default_paths(ctx))
{ {
@ -436,10 +439,12 @@ bad:
goto end; goto end;
} }
if (extfile) { if (extfile)
{
long errorline; long errorline;
X509V3_CTX ctx2; X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline))) { if (!(extconf=CONF_load(NULL,extfile,&errorline)))
{
if (errorline <= 0) if (errorline <= 0)
BIO_printf(bio_err, BIO_printf(bio_err,
"error loading the config file '%s'\n", "error loading the config file '%s'\n",
@ -449,19 +454,20 @@ bad:
"error on line %ld of config file '%s'\n" "error on line %ld of config file '%s'\n"
,errorline,extfile); ,errorline,extfile);
goto end; goto end;
} }
if(!extsect && !(extsect = CONF_get_string(extconf, "default", if (!extsect && !(extsect = CONF_get_string(extconf, "default",
"extensions"))) extsect = "default"; "extensions"))) extsect = "default";
X509V3_set_ctx_test(&ctx2); X509V3_set_ctx_test(&ctx2);
X509V3_set_conf_lhash(&ctx2, extconf); X509V3_set_conf_lhash(&ctx2, extconf);
if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) { if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
{
BIO_printf(bio_err, BIO_printf(bio_err,
"Error Loading extension section %s\n", "Error Loading extension section %s\n",
extsect); extsect);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }
} }
if (reqfile) if (reqfile)
@ -581,24 +587,28 @@ bad:
} }
} }
if(alias) X509_alias_set1(x, (unsigned char *)alias, -1); if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
if(clrtrust) X509_trust_clear(x); if (clrtrust) X509_trust_clear(x);
if(clrreject) X509_reject_clear(x); if (clrreject) X509_reject_clear(x);
if(trust) { if (trust)
for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { {
for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
{
objtmp = sk_ASN1_OBJECT_value(trust, i); objtmp = sk_ASN1_OBJECT_value(trust, i);
X509_add1_trust_object(x, objtmp); X509_add1_trust_object(x, objtmp);
}
} }
}
if(reject) { if (reject)
for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { {
for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
{
objtmp = sk_ASN1_OBJECT_value(reject, i); objtmp = sk_ASN1_OBJECT_value(reject, i);
X509_add1_reject_object(x, objtmp); X509_add1_reject_object(x, objtmp);
}
} }
}
if (num) if (num)
{ {
@ -625,7 +635,7 @@ bad:
int j; int j;
STACK *emlst; STACK *emlst;
emlst = X509_get1_email(x); emlst = X509_get1_email(x);
for(j = 0; j < sk_num(emlst); j++) for (j = 0; j < sk_num(emlst); j++)
BIO_printf(STDout, "%s\n", sk_value(emlst, j)); BIO_printf(STDout, "%s\n", sk_value(emlst, j));
X509_email_free(emlst); X509_email_free(emlst);
} }
@ -633,7 +643,7 @@ bad:
{ {
unsigned char *alstr; unsigned char *alstr;
alstr = X509_alias_get0(x, NULL); alstr = X509_alias_get0(x, NULL);
if(alstr) BIO_printf(STDout,"%s\n", alstr); if (alstr) BIO_printf(STDout,"%s\n", alstr);
else BIO_puts(STDout,"<No Alias>\n"); else BIO_puts(STDout,"<No Alias>\n");
} }
else if (hash == i) else if (hash == i)
@ -645,7 +655,7 @@ bad:
X509_PURPOSE *ptmp; X509_PURPOSE *ptmp;
int j; int j;
BIO_printf(STDout, "Certificate purposes:\n"); BIO_printf(STDout, "Certificate purposes:\n");
for(j = 0; j < X509_PURPOSE_get_count(); j++) for (j = 0; j < X509_PURPOSE_get_count(); j++)
{ {
ptmp = X509_PURPOSE_get0(j); ptmp = X509_PURPOSE_get0(j);
purpose_print(STDout, x, ptmp); purpose_print(STDout, x, ptmp);
@ -863,12 +873,11 @@ bad:
} }
} }
if(checkend) if (checkend)
{ {
time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x));
time_t tnow=time(NULL); time_t tnow=time(NULL);
if(tnow+checkoffset > t) if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
{ {
BIO_printf(out,"Certificate will expire\n"); BIO_printf(out,"Certificate will expire\n");
ret=1; ret=1;
@ -889,10 +898,12 @@ bad:
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i=i2d_X509_bio(out,x); i=i2d_X509_bio(out,x);
else if (outformat == FORMAT_PEM) { else if (outformat == FORMAT_PEM)
if(trustout) i=PEM_write_bio_X509_AUX(out,x); {
if (trustout) i=PEM_write_bio_X509_AUX(out,x);
else i=PEM_write_bio_X509(out,x); else i=PEM_write_bio_X509(out,x);
} else if (outformat == FORMAT_NETSCAPE) }
else if (outformat == FORMAT_NETSCAPE)
{ {
ASN1_HEADER ah; ASN1_HEADER ah;
ASN1_OCTET_STRING os; ASN1_OCTET_STRING os;
@ -910,7 +921,8 @@ bad:
BIO_printf(bio_err,"bad output format specified for outfile\n"); BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end; goto end;
} }
if (!i) { if (!i)
{
BIO_printf(bio_err,"unable to write certificate\n"); BIO_printf(bio_err,"unable to write certificate\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@ -932,7 +944,7 @@ end:
X509_REQ_free(rq); X509_REQ_free(rq);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if(passin) OPENSSL_free(passin); if (passin) OPENSSL_free(passin);
EXIT(ret); EXIT(ret);
} }
@ -1059,17 +1071,19 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL) if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
goto end; goto end;
if(clrext) { if (clrext)
while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); {
} while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if(conf) { if (conf)
{
X509V3_CTX ctx2; X509V3_CTX ctx2;
X509_set_version(x,2); /* version 3 certificate */ X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx2, conf); X509V3_set_conf_lhash(&ctx2, conf);
if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end; if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
} }
if (!X509_sign(x,pkey,digest)) goto end; if (!X509_sign(x,pkey,digest)) goto end;
ret=1; ret=1;
@ -1081,7 +1095,7 @@ end:
if (bs != NULL) ASN1_INTEGER_free(bs); if (bs != NULL) ASN1_INTEGER_free(bs);
if (io != NULL) BIO_free(io); if (io != NULL) BIO_free(io);
if (serial != NULL) BN_free(serial); if (serial != NULL) BN_free(serial);
return(ret); return ret;
} }
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx) static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
@ -1094,7 +1108,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
* final ok == 1 calls to this function */ * final ok == 1 calls to this function */
err=X509_STORE_CTX_get_error(ctx); err=X509_STORE_CTX_get_error(ctx);
if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
return(1); return 1;
/* BAD we should have gotten an error. Normally if everything /* BAD we should have gotten an error. Normally if everything
* worked X509_STORE_CTX_get_error(ctx) will still be set to * worked X509_STORE_CTX_get_error(ctx) will still be set to
@ -1102,7 +1116,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
if (ok) if (ok)
{ {
BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n"); BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
return(0); return 0;
} }
else else
{ {
@ -1111,7 +1125,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n", BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
err,X509_STORE_CTX_get_error_depth(ctx), err,X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(err)); X509_verify_cert_error_string(err));
return(1); return 1;
} }
} }
@ -1138,21 +1152,23 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
goto err; goto err;
if (!X509_set_pubkey(x,pkey)) goto err; if (!X509_set_pubkey(x,pkey)) goto err;
if(clrext) { if (clrext)
while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); {
} while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
if(conf) { }
if (conf)
{
X509V3_CTX ctx; X509V3_CTX ctx;
X509_set_version(x,2); /* version 3 certificate */ X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx, conf); X509V3_set_conf_lhash(&ctx, conf);
if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err; if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
} }
if (!X509_sign(x,pkey,digest)) goto err; if (!X509_sign(x,pkey,digest)) goto err;
return(1); return 1;
err: err:
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return(0); return 0;
} }
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt) static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
@ -1161,13 +1177,14 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
char *pname; char *pname;
id = X509_PURPOSE_get_id(pt); id = X509_PURPOSE_get_id(pt);
pname = X509_PURPOSE_get0_name(pt); pname = X509_PURPOSE_get0_name(pt);
for(i = 0; i < 2; i++) { for (i = 0; i < 2; i++)
{
idret = X509_check_purpose(cert, id, i); idret = X509_check_purpose(cert, id, i);
BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
if(idret == 1) BIO_printf(bio, "Yes\n"); if (idret == 1) BIO_printf(bio, "Yes\n");
else if (idret == 0) BIO_printf(bio, "No\n"); else if (idret == 0) BIO_printf(bio, "No\n");
else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret); else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
} }
return 1; return 1;
} }

45
crypto/asn1/a_utctm.c
View File

@ -265,6 +265,50 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
return(s); return(s);
} }
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
{
struct tm *tm;
int offset;
int year;
#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
if (s->data[12] == 'Z')
offset=0;
else
{
offset = g2(s->data+13)*60+g2(s->data+15);
if (s->data[12] == '-')
offset = -offset;
}
t -= offset*60; /* FIXME: may overflow in extreme cases */
#if defined(THREADS) && !defined(WIN32)
{ struct tm data; gmtime_r(&t, &data); tm = &data; }
#else
tm = gmtime(&t);
#endif
#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
year = g2(s->data);
if (year < 50)
year += 100;
return_cmp(year, tm->tm_year);
return_cmp(g2(s->data+2) - 1, tm->tm_mon);
return_cmp(g2(s->data+4), tm->tm_mday);
return_cmp(g2(s->data+6), tm->tm_hour);
return_cmp(g2(s->data+8), tm->tm_min);
return_cmp(g2(s->data+10), tm->tm_sec);
#undef g2
#undef return_cmp
return 0;
}
#if 0
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
{ {
struct tm tm; struct tm tm;
@ -300,3 +344,4 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
* Also time_t is inappropriate for general * Also time_t is inappropriate for general
* UTC times because it may a 32 bit type. */ * UTC times because it may a 32 bit type. */
} }
#endif

3
crypto/asn1/asn1.h
View File

@ -655,7 +655,10 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
int ASN1_UTCTIME_check(ASN1_UTCTIME *a); int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str);
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
#if 0
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
#endif
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);