The branch master has been updated
via 6b1f413c3a8563a53e1b41d48d870c010541c7f5 (commit)
via 0b7347effee58f5a19e4724c4b277635727c20d8 (commit)
from bf932fbd4a2385496fa5e9363bf9280fc6fba0ad (commit)
- Log -----------------------------------------------------------------
commit 6b1f413c3a8563a53e1b41d48d870c010541c7f5
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Aug 20 13:07:57 2016 +0100
update ordinals
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
commit 0b7347effee58f5a19e4724c4b277635727c20d8
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Aug 20 13:02:09 2016 +0100
Add X509_getm_notBefore, X509_getm_notAfter
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.
Rename X509_SIG_get0_mutable to X509_SIG_getm.
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 36 +++++++++++-------------------------
crypto/asn1/x_sig.c | 4 ++--
crypto/pkcs12/p12_mutl.c | 4 ++--
crypto/pkcs12/p12_npas.c | 2 +-
crypto/x509/x509_set.c | 6 ++----
doc/crypto/X509_SIG_get0.pod | 8 ++++----
doc/crypto/X509_get_notBefore.pod | 17 +++++++++--------
include/openssl/x509.h | 10 ++++++----
util/libcrypto.num | 6 +++---
9 files changed, 40 insertions(+), 53 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 23c6569..522db71 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2593,33 +2593,19 @@ void corrupt_signature(const ASN1_STRING *signature)
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
int days)
{
- int rv = 0;
- ASN1_TIME *tm = ASN1_TIME_new();
- if (tm == NULL)
- goto err;
if (startdate == NULL || strcmp(startdate, "today") == 0) {
- if (!X509_gmtime_adj(tm, 0))
- goto err;
- } else if (!ASN1_TIME_set_string(tm, startdate)) {
- goto err;
+ if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
+ return 0;
+ } else {
+ if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate))
+ return 0;
}
-
- if (!X509_set1_notBefore(x, tm))
- goto err;
-
if (enddate == NULL) {
- if (!X509_time_adj_ex(tm, days, 0, NULL))
- goto err;
- } else if (!ASN1_TIME_set_string(tm, enddate)) {
- goto err;
+ if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
+ == NULL)
+ return 0;
+ } else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) {
+ return 0;
}
-
- if (!X509_set1_notAfter(x, tm))
- goto err;
-
- rv = 1;
-
- err:
- ASN1_TIME_free(tm);
- return rv;
+ return 1;
}
diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c
index 1e835cb..e465cf2 100644
--- a/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
@@ -29,8 +29,8 @@ void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR
**palg,
*pdigest = sig->digest;
}
-void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
- ASN1_OCTET_STRING **pdigest)
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pdigest)
{
if (palg)
*palg = sig->algor;
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index d608a5c..79639c2 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -170,7 +170,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int
passlen,
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
return 0;
}
- X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);
+ X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
return 0;
@@ -208,7 +208,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char
*salt, int saltlen,
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
- X509_SIG_get0_mutable(p12->mac->dinfo, &macalg, NULL);
+ X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
V_ASN1_NULL, NULL)) {
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index f075bca..0ce75ed 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -110,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass,
const char *newpass)
if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
goto err;
- X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);
+ X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
goto err;
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 8bf367b..c0ea418 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -119,17 +119,15 @@ const ASN1_TIME *X509_get0_notAfter(const X509 *x)
return x->cert_info.validity.notAfter;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
-ASN1_TIME *X509_get_notBefore(const X509 *x)
+ASN1_TIME *X509_getm_notBefore(const X509 *x)
{
return x->cert_info.validity.notBefore;
}
-ASN1_TIME *X509_get_notAfter(const X509 *x)
+ASN1_TIME *X509_getm_notAfter(const X509 *x)
{
return x->cert_info.validity.notAfter;
}
-#endif
int X509_get_signature_type(const X509 *x)
{
diff --git a/doc/crypto/X509_SIG_get0.pod b/doc/crypto/X509_SIG_get0.pod
index a47ae44..d24eadc 100644
--- a/doc/crypto/X509_SIG_get0.pod
+++ b/doc/crypto/X509_SIG_get0.pod
@@ -2,7 +2,7 @@
=head1 NAME
-X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions
+X509_SIG_get0, X509_SIG_getm - DigestInfo functions
=head1 SYNOPSIS
@@ -10,13 +10,13 @@ X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
const ASN1_OCTET_STRING **pdigest);
- void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
- ASN1_OCTET_STRING **pdigest,
+ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pdigest,
=head1 DESCRIPTION
X509_SIG_get0() returns pointers to the algorithm identifier and digest
-value in B<sig>. X509_SIG_get0_mutable() is identical to X509_SIG_get0()
+value in B<sig>. X509_SIG_getm() is identical to X509_SIG_get0()
except the pointers returned are not constant and can be modified:
for example to initialise them.
diff --git a/doc/crypto/X509_get_notBefore.pod
b/doc/crypto/X509_get_notBefore.pod
index 5fdc834..82502f6 100644
--- a/doc/crypto/X509_get_notBefore.pod
+++ b/doc/crypto/X509_get_notBefore.pod
@@ -2,9 +2,9 @@
=head1 NAME
-X509_get0_notBefore, X509_get_notBefore, X509_get0_notAfter, X509_get_notAfter,
-X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate,
-X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
+X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter,
+X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter,
+X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
=head1 SYNOPSIS
@@ -14,8 +14,8 @@ X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
const ASN1_TIME *X509_get0_notBefore(const X509 *x);
const ASN1_TIME *X509_get0_notAfter(const X509 *x);
- ASN1_TIME *X509_get_notBefore(const X509 *x);
- ASN1_TIME *X509_get_notAfter(const X509 *x);
+ ASN1_TIME *X509_getm_notBefore(const X509 *x);
+ ASN1_TIME *X509_getm_notAfter(const X509 *x);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
@@ -33,9 +33,10 @@ and B<notAfter> fields of certificate B<x> respectively. The
value
returned is an internal pointer which must not be freed up after
the call.
-X509_get_notBefore() and X509_get_notAfter() are similar to
-X509_get0_notBefore() and X509_get0_notAfter() except they do not
-return constant values. They are deprecated in OpenSSL 1.1.0
+X509_getm_notBefore() and X509_getm_notAfter() are similar to
+X509_get0_notBefore() and X509_get0_notAfter() except they return
+non-constant mutable references to the associated date field of
+the certficate.
X509_set1_notBefore() and X509_set1_notAfter() set the B<notBefore>
and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 80bb24e..1db8c93 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -517,8 +517,8 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
long length);
DECLARE_ASN1_FUNCTIONS(X509_SIG)
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
const ASN1_OCTET_STRING **pdigest);
-void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
- ASN1_OCTET_STRING **pdigest);
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pdigest);
DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
DECLARE_ASN1_FUNCTIONS(X509_REQ)
@@ -622,16 +622,18 @@ X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_subject_name(const X509 *a);
const ASN1_TIME * X509_get0_notBefore(const X509 *x);
-DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notBefore(const X509 *x))
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
const ASN1_TIME *X509_get0_notAfter(const X509 *x);
-DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notAfter(const X509 *x))
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x);
# if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_get_notBefore X509_getm_notBefore
+# define X509_get_notAfter X509_getm_notAfter
# define X509_set_notBefore X509_set1_notBefore
# define X509_set_notAfter X509_set1_notAfter
#endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c0d6309..a071a73 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1053,7 +1053,7 @@ BN_get_word 1044 1_1_0
EXIST::FUNCTION:
EVP_CipherFinal 1045 1_1_0 EXIST::FUNCTION:
i2d_X509_bio 1046 1_1_0 EXIST::FUNCTION:
X509_EXTENSION_new 1047 1_1_0 EXIST::FUNCTION:
-X509_get_notAfter 1048 1_1_0
EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+X509_getm_notAfter 1048 1_1_0 EXIST::FUNCTION:
X509_ALGOR_dup 1049 1_1_0 EXIST::FUNCTION:
d2i_X509_REQ_INFO 1050 1_1_0 EXIST::FUNCTION:
d2i_EC_PUBKEY_bio 1051 1_1_0 EXIST::FUNCTION:EC
@@ -2388,7 +2388,7 @@ ASN1_GENERALIZEDTIME_check 2356 1_1_0
EXIST::FUNCTION:
BN_clear_bit 2357 1_1_0 EXIST::FUNCTION:
BN_bn2lebinpad 2358 1_1_0 EXIST::FUNCTION:
EVP_PKEY_up_ref 2359 1_1_0 EXIST::FUNCTION:
-X509_get_notBefore 2360 1_1_0
EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+X509_getm_notBefore 2360 1_1_0 EXIST::FUNCTION:
BN_nist_mod_224 2361 1_1_0 EXIST::FUNCTION:
DES_decrypt3 2362 1_1_0 EXIST::FUNCTION:DES
OTHERNAME_it 2363 1_1_0
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -4191,7 +4191,7 @@ DSA_bits 4137 1_1_0
EXIST::FUNCTION:DSA
EVP_PKEY_set1_tls_encodedpoint 4138 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get1_tls_encodedpoint 4139 1_1_0 EXIST::FUNCTION:
ASN1_STRING_get0_data 4140 1_1_0 EXIST::FUNCTION:
-X509_SIG_get0_mutable 4141 1_1_0 EXIST::FUNCTION:
+X509_SIG_getm 4141 1_1_0 EXIST::FUNCTION:
X509_get0_serialNumber 4142 1_1_0 EXIST::FUNCTION:
PKCS12_get_attr 4143 1_1_0
EXIST::FUNCTION:DEPRECATEDIN_1_1_0
X509_CRL_get0_lastUpdate 4144 1_1_0 EXIST::FUNCTION:
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
