authorDr. Stephen Henson <steve@openssl.org>2016-08-19 16:21:21 +0100
committerDr. Stephen Henson <steve@openssl.org>2016-08-19 16:52:58 +0100
commitdc047d31fa0c31872db8601a1b9fcd35f24d8589 (patch)
tree751aa4ab6e7c2344281f6f9f73130d07f650cee6 /apps
parent3a60d6fa2f8a908d972f8787dc137acb7b8b26e3 (diff)
Set certificate times in one function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r--apps/apps.c34
-rw-r--r--apps/apps.h2
-rw-r--r--apps/ca.c11
-rw-r--r--apps/req.c4
-rw-r--r--apps/x509.c16
5 files changed, 44 insertions, 23 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 40b31a5844..1ce632f003 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2589,3 +2589,37 @@ void corrupt_signature(const ASN1_STRING *signature)
unsigned char *s = signature->data;
s[signature->length - 1] ^= 0x1;
}
+
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+ int days)
+{
+ int rv = 0;
+ ASN1_TIME *tm = ASN1_TIME_new();
+ if (tm == NULL)
+ goto err;
+ if (startdate == NULL || strcmp(startdate, "today") == 0) {
+ if (!X509_gmtime_adj(tm, 0))
+ goto err;
+ } else if (!ASN1_TIME_set_string(tm, startdate)) {
+ goto err;
+ }
+
+ if (!X509_set_notBefore(x, tm))
+ goto err;
+
+ if (enddate == NULL) {
+ if (!X509_time_adj_ex(tm, days, 0, NULL))
+ goto err;
+ } else if (!ASN1_TIME_set_string(tm, enddate)) {
+ goto err;
+ }
+
+ if (!X509_set_notAfter(x, tm))
+ goto err;
+
+ rv = 1;
+
+ err:
+ ASN1_TIME_free(tm);
+ return rv;
+}
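Review bot: set_cert_times() never checks that the resulting notAfter is later than notBefore, so a `startdate`/`enddate` pair supplied in the wrong order, or a negative `days`, produces a certificate with an empty validity window while the function still returns 1. Once both fields are set, a comparison such as `if (!ASN1_TIME_diff(&d, &s, X509_get_notBefore(x), X509_get_notAfter(x)) || d < 0 || s < 0) goto err;` would catch that; whether to reject or only warn on bio_err is a policy call for the apps. The function also deserves a header comment stating that NULL or "today" for `startdate` means the current time, that `days` is used only when `enddate` is NULL and is counted from the current time rather than from `startdate` (the last argument to X509_time_adj_ex is NULL), and that it returns 1 on success and 0 on failure, possibly leaving `x` with only notBefore updated.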
diff --git a/apps/apps.h b/apps/apps.h
index 326e026231..fc7330537e 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -72,6 +72,8 @@ int has_stdin_waiting(void);
# endif
void corrupt_signature(const ASN1_STRING *signature);
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+ int days);
/*
* Common verification options.
diff --git a/apps/ca.c b/apps/ca.c
index a20ba44c09..ef61de2eef 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1698,16 +1698,11 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
- if (strcmp(startdate, "today") == 0)
- X509_gmtime_adj(X509_get_notBefore(ret), 0);
- else
- ASN1_TIME_set_string(X509_get_notBefore(ret), startdate);
+ if (!set_cert_times(ret, startdate, enddate, days))
+ goto end;
- if (enddate == NULL)
- X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);
- else {
+ if (enddate != NULL) {
int tdays;
- ASN1_TIME_set_string(X509_get_notAfter(ret), enddate);
ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
days = tdays;
}
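Review bot: The `ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret))` call kept in the `enddate != NULL` branch still ignores its return value, so on failure `days` is assigned from `tdays`, which has no initializer in this hunk and may be left unset. Since this commit is where the date-setting calls start being checked, the same treatment fits here: `if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret))) goto end;`. The new `goto end` after set_cert_times() also prints nothing within this hunk, so unless do_body (which starts and ends outside the hunk) reports it elsewhere, an operator would see signing fail without being told that the start or end date was rejected.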
diff --git a/apps/req.c b/apps/req.c
index 112553b48e..bd18708e3a 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -616,9 +616,7 @@ int req_main(int argc, char **argv)
if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
goto end;
- if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
- goto end;
- if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL))
+ if (!set_cert_times(x509ss, NULL, NULL, days))
goto end;
if (!X509_set_subject_name
(x509ss, X509_REQ_get_subject_name(req)))
diff --git a/apps/x509.c b/apps/x509.c
index ca9a09f222..0cb38b796a 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -554,9 +554,9 @@ int x509_main(int argc, char **argv)
goto end;
if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
goto end;
+ if (!set_cert_times(x, NULL, NULL, days))
+ goto end;
- X509_gmtime_adj(X509_get_notBefore(x), 0);
- X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
if (fkey)
X509_set_pubkey(x, fkey);
else {
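Review bot: The `X509_set_pubkey(x, fkey);` call directly after the new checked set_cert_times() call still discards its result, so a failure to attach `fkey` would go unnoticed, whereas a time-setting failure beside it now aborts. Consider `if (!X509_set_pubkey(x, fkey)) goto end;` for consistency with the other setters in this block. The `else` branch and the rest of x509_main lie outside the hunk, so the same pattern may need checking there.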
@@ -983,11 +983,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
if (!X509_set_serialNumber(x, bs))
goto end;
- if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
- goto end;
-
- /* hardwired expired */
- if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
+ if (!set_cert_times(x, NULL, NULL, days))
goto end;
if (clrext) {
@@ -1056,12 +1052,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
goto err;
- if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
+ if (!set_cert_times(x, NULL, NULL, days))
goto err;
-
- if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
- goto err;
-
if (!X509_set_pubkey(x, pkey))
goto err;
if (clrext) {