From e5eb96c83a553288653a2b99ec78bc5d251ac7a7 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 2 Sep 2009 13:55:22 +0000 Subject: [PATCH] PR: 2013 Submitted by: steve@openssl.org Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created. This makes it possible to tell if the underlying type is UTCTime, GeneralizedTime or Time when the structure is reused and X509_time_adj_ex() can handle each case in an appropriate manner. Add error checking to CRL generation in ca utility when nextUpdate is being set. --- apps/ca.c | 7 ++++++- crypto/asn1/asn1.h | 4 ++++ crypto/asn1/tasn_new.c | 6 +++++- crypto/x509/x509_vfy.c | 12 ++++++++---- 4 files changed, 23 insertions(+), 6 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index aabf86bd0..007b501d0 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1403,7 +1403,12 @@ bad: if (!tmptm) goto err; X509_gmtime_adj(tmptm,0); X509_CRL_set_lastUpdate(crl, tmptm); - X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL); + if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, + NULL)) + { + BIO_puts(bio_err, "error setting CRL nextUpdate\n"); + goto err; + } X509_CRL_set_nextUpdate(crl, tmptm); ASN1_TIME_free(tmptm); diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index f202e2384..dfc6790ef 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -230,6 +230,10 @@ typedef struct asn1_object_st */ #define ASN1_STRING_FLAG_CONT 0x020 +/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +#define ASN1_STRING_FLAG_MSTRING 0x040 /* This is the base type that holds just about everything :-) */ typedef struct asn1_string_st { diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index c816e5164..0d9e78cc7 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -325,6 +325,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_TYPE *typ; + ASN1_STRING *str; int utype; if (it && it->funcs) @@ -362,7 +363,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) break; default: - *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); + str = ASN1_STRING_type_new(utype); + if (it->itype == ASN1_ITYPE_MSTRING && str) + str->flags |= ASN1_STRING_FLAG_MSTRING; + *pval = (ASN1_VALUE *)str; break; } if (*pval) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 200a9cc0b..62b01441b 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1765,10 +1765,14 @@ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, else time(&t); if (s) type = s->type; - if (type == V_ASN1_UTCTIME) - return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec); - if (type == V_ASN1_GENERALIZEDTIME) - return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); + if (!(s->flags & ASN1_STRING_FLAG_MSTRING)) + { + if (type == V_ASN1_UTCTIME) + return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec); + if (type == V_ASN1_GENERALIZEDTIME) + return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, + offset_sec); + } return ASN1_TIME_adj(s, t, offset_day, offset_sec); }