Get rid of ASN1_UTCTIME_get, which cannot work with time_t
authorBodo Möller <bodo@openssl.org>
Wed, 6 Sep 2000 15:40:52 +0000 (15:40 +0000)
committerBodo Möller <bodo@openssl.org>
Wed, 6 Sep 2000 15:40:52 +0000 (15:40 +0000)
return type (on platforms where time_t is a 32 bit value).

New function ASN1_UTCTIME_cmp_time_t as a replacement
for use in apps/x509.c.

apps/x509.c
crypto/asn1/a_utctm.c
crypto/asn1/asn1.h

index 4da4feb..b86352e 100644 (file)
@@ -291,24 +291,26 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-addtrust") == 0)
                        {
                        if (--argc < 1) goto bad;
-                       if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
+                       if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
+                               {
                                BIO_printf(bio_err,
                                        "Invalid trust object value %s\n", *argv);
                                goto bad;
-                       }
-                       if(!trust) trust = sk_ASN1_OBJECT_new_null();
+                               }
+                       if (!trust) trust = sk_ASN1_OBJECT_new_null();
                        sk_ASN1_OBJECT_push(trust, objtmp);
                        trustout = 1;
                        }
                else if (strcmp(*argv,"-addreject") == 0)
                        {
                        if (--argc < 1) goto bad;
-                       if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
+                       if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
+                               {
                                BIO_printf(bio_err,
                                        "Invalid reject object value %s\n", *argv);
                                goto bad;
-                       }
-                       if(!reject) reject = sk_ASN1_OBJECT_new_null();
+                               }
+                       if (!reject) reject = sk_ASN1_OBJECT_new_null();
                        sk_ASN1_OBJECT_push(reject, objtmp);
                        trustout = 1;
                        }
@@ -321,7 +323,7 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-nameopt") == 0)
                        {
                        if (--argc < 1) goto bad;
-                       if(!set_name_ex(&nmflag, *(++argv))) goto bad;
+                       if (!set_name_ex(&nmflag, *(++argv))) goto bad;
                        }
                else if (strcmp(*argv,"-setalias") == 0)
                        {
@@ -417,10 +419,11 @@ bad:
 
        ERR_load_crypto_strings();
 
-       if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+       if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+               {
                BIO_printf(bio_err, "Error getting password\n");
                goto end;
-       }
+               }
 
        if (!X509_STORE_set_default_paths(ctx))
                {
@@ -436,10 +439,12 @@ bad:
                goto end;
                }
 
-       if (extfile) {
+       if (extfile)
+               {
                long errorline;
                X509V3_CTX ctx2;
-               if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
+               if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+                       {
                        if (errorline <= 0)
                                BIO_printf(bio_err,
                                        "error loading the config file '%s'\n",
@@ -449,19 +454,20 @@ bad:
                                       "error on line %ld of config file '%s'\n"
                                                        ,errorline,extfile);
                        goto end;
-               }
-               if(!extsect && !(extsect = CONF_get_string(extconf, "default",
+                       }
+               if (!extsect && !(extsect = CONF_get_string(extconf, "default",
                                         "extensions"))) extsect = "default";
                X509V3_set_ctx_test(&ctx2);
                X509V3_set_conf_lhash(&ctx2, extconf);
-               if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
+               if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
+                       {
                        BIO_printf(bio_err,
                                "Error Loading extension section %s\n",
                                                                 extsect);
                        ERR_print_errors(bio_err);
                        goto end;
-                }
-       } 
+                       }
+               }
 
 
        if (reqfile)
@@ -581,24 +587,28 @@ bad:
                        }
                }
 
-       if(alias) X509_alias_set1(x, (unsigned char *)alias, -1);
+       if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
 
-       if(clrtrust) X509_trust_clear(x);
-       if(clrreject) X509_reject_clear(x);
+       if (clrtrust) X509_trust_clear(x);
+       if (clrreject) X509_reject_clear(x);
 
-       if(trust) {
-               for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+       if (trust)
+               {
+               for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
+                       {
                        objtmp = sk_ASN1_OBJECT_value(trust, i);
                        X509_add1_trust_object(x, objtmp);
+                       }
                }
-       }
 
-       if(reject) {
-               for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+       if (reject)
+               {
+               for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
+                       {
                        objtmp = sk_ASN1_OBJECT_value(reject, i);
                        X509_add1_reject_object(x, objtmp);
+                       }
                }
-       }
 
        if (num)
                {
@@ -625,7 +635,7 @@ bad:
                                int j;
                                STACK *emlst;
                                emlst = X509_get1_email(x);
-                               for(j = 0; j < sk_num(emlst); j++)
+                               for (j = 0; j < sk_num(emlst); j++)
                                        BIO_printf(STDout, "%s\n", sk_value(emlst, j));
                                X509_email_free(emlst);
                                }
@@ -633,7 +643,7 @@ bad:
                                {
                                unsigned char *alstr;
                                alstr = X509_alias_get0(x, NULL);
-                               if(alstr) BIO_printf(STDout,"%s\n", alstr);
+                               if (alstr) BIO_printf(STDout,"%s\n", alstr);
                                else BIO_puts(STDout,"<No Alias>\n");
                                }
                        else if (hash == i)
@@ -645,7 +655,7 @@ bad:
                                X509_PURPOSE *ptmp;
                                int j;
                                BIO_printf(STDout, "Certificate purposes:\n");
-                               for(j = 0; j < X509_PURPOSE_get_count(); j++)
+                               for (j = 0; j < X509_PURPOSE_get_count(); j++)
                                        {
                                        ptmp = X509_PURPOSE_get0(j);
                                        purpose_print(STDout, x, ptmp);
@@ -863,12 +873,11 @@ bad:
                        }
                }
 
-       if(checkend)
+       if (checkend)
                {
-               time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x));
                time_t tnow=time(NULL);
 
-               if(tnow+checkoffset > t)
+               if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
                        {
                        BIO_printf(out,"Certificate will expire\n");
                        ret=1;
@@ -889,10 +898,12 @@ bad:
 
        if      (outformat == FORMAT_ASN1)
                i=i2d_X509_bio(out,x);
-       else if (outformat == FORMAT_PEM) {
-               if(trustout) i=PEM_write_bio_X509_AUX(out,x);
+       else if (outformat == FORMAT_PEM)
+               {
+               if (trustout) i=PEM_write_bio_X509_AUX(out,x);
                else i=PEM_write_bio_X509(out,x);
-       } else if (outformat == FORMAT_NETSCAPE)
+               }
+       else if (outformat == FORMAT_NETSCAPE)
                {
                ASN1_HEADER ah;
                ASN1_OCTET_STRING os;
@@ -910,7 +921,8 @@ bad:
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
                }
-       if (!i) {
+       if (!i)
+               {
                BIO_printf(bio_err,"unable to write certificate\n");
                ERR_print_errors(bio_err);
                goto end;
@@ -932,7 +944,7 @@ end:
        X509_REQ_free(rq);
        sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
        sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
-       if(passin) OPENSSL_free(passin);
+       if (passin) OPENSSL_free(passin);
        EXIT(ret);
        }
 
@@ -1059,17 +1071,19 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
        if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
                goto end;
 
-       if(clrext) {
-               while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-       }
+       if (clrext)
+               {
+               while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+               }
 
-       if(conf) {
+       if (conf)
+               {
                X509V3_CTX ctx2;
                X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
                 X509V3_set_conf_lhash(&ctx2, conf);
-                if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
-       }
+                if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+               }
 
        if (!X509_sign(x,pkey,digest)) goto end;
        ret=1;
@@ -1081,7 +1095,7 @@ end:
        if (bs != NULL) ASN1_INTEGER_free(bs);
        if (io != NULL) BIO_free(io);
        if (serial != NULL) BN_free(serial);
-       return(ret);
+       return ret;
        }
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
@@ -1094,7 +1108,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
         * final ok == 1 calls to this function */
        err=X509_STORE_CTX_get_error(ctx);
        if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-               return(1);
+               return 1;
 
        /* BAD we should have gotten an error.  Normally if everything
         * worked X509_STORE_CTX_get_error(ctx) will still be set to
@@ -1102,7 +1116,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
        if (ok)
                {
                BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
-               return(0);
+               return 0;
                }
        else
                {
@@ -1111,7 +1125,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
                BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
                        err,X509_STORE_CTX_get_error_depth(ctx),
                        X509_verify_cert_error_string(err));
-               return(1);
+               return 1;
                }
        }
 
@@ -1138,21 +1152,23 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
                goto err;
 
        if (!X509_set_pubkey(x,pkey)) goto err;
-       if(clrext) {
-               while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-       }
-       if(conf) {
+       if (clrext)
+               {
+               while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+               }
+       if (conf)
+               {
                X509V3_CTX ctx;
                X509_set_version(x,2); /* version 3 certificate */
                 X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
                 X509V3_set_conf_lhash(&ctx, conf);
-                if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
-       }
+                if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+               }
        if (!X509_sign(x,pkey,digest)) goto err;
-       return(1);
+       return 1;
 err:
        ERR_print_errors(bio_err);
-       return(0);
+       return 0;
        }
 
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
@@ -1161,13 +1177,14 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
        char *pname;
        id = X509_PURPOSE_get_id(pt);
        pname = X509_PURPOSE_get0_name(pt);
-       for(i = 0; i < 2; i++) {
+       for (i = 0; i < 2; i++)
+               {
                idret = X509_check_purpose(cert, id, i);
                BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 
-               if(idret == 1) BIO_printf(bio, "Yes\n");
+               if (idret == 1) BIO_printf(bio, "Yes\n");
                else if (idret == 0) BIO_printf(bio, "No\n");
                else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
-       }
+               }
        return 1;
 }
 
index 2ee572e..b9b4d9a 100644 (file)
@@ -265,6 +265,50 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
        return(s);
        }
 
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+       {
+       struct tm *tm;
+       int offset;
+       int year;
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+
+       if (s->data[12] == 'Z')
+               offset=0;
+       else
+               {
+               offset = g2(s->data+13)*60+g2(s->data+15);
+               if (s->data[12] == '-')
+                       offset = -offset;
+               }
+
+       t -= offset*60; /* FIXME: may overflow in extreme cases */
+
+#if defined(THREADS) && !defined(WIN32)
+       { struct tm data; gmtime_r(&t, &data); tm = &data; }
+#else
+       tm = gmtime(&t);
+#endif
+       
+#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
+       year = g2(s->data);
+       if (year < 50)
+               year += 100;
+       return_cmp(year,              tm->tm_year);
+       return_cmp(g2(s->data+2) - 1, tm->tm_mon);
+       return_cmp(g2(s->data+4),     tm->tm_mday);
+       return_cmp(g2(s->data+6),     tm->tm_hour);
+       return_cmp(g2(s->data+8),     tm->tm_min);
+       return_cmp(g2(s->data+10),    tm->tm_sec);
+#undef g2
+#undef return_cmp
+
+       return 0;
+       }
+
+
+#if 0
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
        {
        struct tm tm;
@@ -300,3 +344,4 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
                                       * Also time_t is inappropriate for general
                                       * UTC times because it may a 32 bit type. */
        }
+#endif
index b216756..6dfd4fa 100644 (file)
@@ -655,7 +655,10 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+#if 0
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
+#endif
 
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);