Commit dc047d31 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Set certificate times in one function.



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 3a60d6fa
+34 −0
@@ -2589,3 +2589,37 @@ void corrupt_signature(const ASN1_STRING *signature)
        unsigned char *s = signature->data;
        s[signature->length - 1] ^= 0x1;
}

int set_cert_times(X509 *x, const char *startdate, const char *enddate,
                   int days)
{
    int rv = 0;
    ASN1_TIME *tm = ASN1_TIME_new();
    if (tm == NULL)
        goto err;
    if (startdate == NULL || strcmp(startdate, "today") == 0) {
        if (!X509_gmtime_adj(tm, 0))
            goto err;
    } else if (!ASN1_TIME_set_string(tm, startdate)) {
            goto err;
    }

    if (!X509_set_notBefore(x, tm))
        goto err;

    if (enddate == NULL) {
        if (!X509_time_adj_ex(tm, days, 0, NULL))
            goto err;
    } else if (!ASN1_TIME_set_string(tm, enddate)) {
            goto err;
    }

    if (!X509_set_notAfter(x, tm))
        goto err;

    rv = 1;

    err:
    ASN1_TIME_free(tm);
    return rv;
}
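Review bot: set_cert_times() writes notBefore and notAfter independently and sets `rv = 1` without comparing them, so a startdate later than enddate, or a negative `days`, produces a certificate with an inverted validity window and still reports success. Every caller in this commit now goes through this helper, so it is the natural place for the check: declare `int d, s;` and, before `rv = 1;`, add `if (!ASN1_TIME_diff(&d, &s, X509_get_notBefore(x), X509_get_notAfter(x)) || d < 0 || s < 0) goto err;`. If inverted windows must stay possible (for example to mint already-expired test certificates), say so in a comment instead. A header comment should also record the contract: a NULL or "today" startdate means now, a NULL enddate means `days` from the current time rather than from startdate (the base argument to `X509_time_adj_ex` is NULL), and the return is 1 on success, 0 on failure.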
+2 −0
@@ -72,6 +72,8 @@ int has_stdin_waiting(void);
# endif

void corrupt_signature(const ASN1_STRING *signature);
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
                   int days);

/*
 * Common verification options.
+3 −8
@@ -1698,16 +1698,11 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
            goto end;
    }

    if (strcmp(startdate, "today") == 0)
        X509_gmtime_adj(X509_get_notBefore(ret), 0);
    else
        ASN1_TIME_set_string(X509_get_notBefore(ret), startdate);
    if (!set_cert_times(ret, startdate, enddate, days))
        goto end;

    if (enddate == NULL)
        X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);
    else {
    if (enddate != NULL) {
        int tdays;
        ASN1_TIME_set_string(X509_get_notAfter(ret), enddate);
        ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
        days = tdays;
    }
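Review bot: The retained `ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));` call in the `enddate != NULL` branch is still unchecked, although this commit makes the time-setting calls around it fail hard. If the diff fails, `tdays` is read uninitialised and the garbage is copied into `days`. I would change it to `if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret))) goto end;`. do_body() starts and ends outside this hunk, so how `days` is used afterwards is not visible here.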
+1 −3
@@ -616,9 +616,7 @@ int req_main(int argc, char **argv)

            if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
                goto end;
            if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
                goto end;
            if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL))
            if (!set_cert_times(x509ss, NULL, NULL, days))
                goto end;
            if (!X509_set_subject_name
                (x509ss, X509_REQ_get_subject_name(req)))
+4 −12
@@ -554,9 +554,9 @@ int x509_main(int argc, char **argv)
            goto end;
        if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
            goto end;
        if (!set_cert_times(x, NULL, NULL, days))
            goto end;

        X509_gmtime_adj(X509_get_notBefore(x), 0);
        X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
        if (fkey)
            X509_set_pubkey(x, fkey);
        else {
@@ -983,11 +983,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
    if (!X509_set_serialNumber(x, bs))
        goto end;

    if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
        goto end;

    /* hardwired expired */
    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
    if (!set_cert_times(x, NULL, NULL, days))
        goto end;

    if (clrext) {
@@ -1056,12 +1052,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,

    if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
        goto err;
    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
    if (!set_cert_times(x, NULL, NULL, days))
        goto err;

    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
        goto err;

    if (!X509_set_pubkey(x, pkey))
        goto err;
    if (clrext) {
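Review bot: In the first hunk (x509_main), `X509_set_pubkey(x, fkey);` directly below the new checked `set_cert_times()` call still discards its result, while sign() in the last hunk treats the same call as fatal with `if (!X509_set_pubkey(x, pkey)) goto err;`. A failure there would leave the certificate being built without the forced key and processing would continue. For consistency with the error handling this commit adds, I would write `if (fkey && !X509_set_pubkey(x, fkey)) goto end;` and keep the existing `else` branch for the other case. All three functions start and end outside their hunks, so this is based only on the lines shown.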