Constify certificate and CRL time routines.

Update certificate and CRL time routines to match new standard. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-08-19 12:39:57 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-08-19 18:40:55 +0100
commit: 568ce3a583a17c33feacbf5028ece9f7f0680478 (patch)
tree: f55156e99147d3139ad974b7a9c44925982bf987 /crypto
parent: c4fbed6c3139726fc719a703d2195f3b6426b748 (diff)
5 files changed, 45 insertions, 21 deletions
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index 2451ee72db..de0320d075 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -51,10 +51,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
     BIO_printf(out, "%8sIssuer: %s\n", "", p);
     OPENSSL_free(p);
     BIO_printf(out, "%8sLast Update: ", "");
-    ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));
+    ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
     BIO_printf(out, "\n%8sNext Update: ", "");
-    if (X509_CRL_get_nextUpdate(x))
-        ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));
+    if (X509_CRL_get0_nextUpdate(x))
+        ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
     else
         BIO_printf(out, "NONE");
     BIO_printf(out, "\n");
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 5d7c130d46..feeff754c3 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -129,11 +129,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
             goto err;
         if (BIO_write(bp, "            Not Before: ", 24) <= 0)
             goto err;
-        if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
+        if (!ASN1_TIME_print(bp, X509_get0_notBefore(x)))
             goto err;
         if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
             goto err;
-        if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
+        if (!ASN1_TIME_print(bp, X509_get0_notAfter(x)))
             goto err;
         if (BIO_write(bp, "\n", 1) <= 0)
             goto err;
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 3cebf6ef3b..8bf367b645 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -71,14 +71,14 @@ int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
     return (in != NULL);
 }
 
-int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
 {
     if (x == NULL)
         return 0;
     return x509_set1_time(&x->cert_info.validity.notBefore, tm);
 }
 
-int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
 {
     if (x == NULL)
         return 0;
@@ -109,7 +109,18 @@ long X509_get_version(const X509 *x)
     return ASN1_INTEGER_get(x->cert_info.version);
 }
 
-ASN1_TIME * X509_get_notBefore(const X509 *x)
+const ASN1_TIME *X509_get0_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+const ASN1_TIME *X509_get0_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_get_notBefore(const X509 *x)
 {
     return x->cert_info.validity.notBefore;
 }
@@ -118,6 +129,7 @@ ASN1_TIME *X509_get_notAfter(const X509 *x)
 {
     return x->cert_info.validity.notAfter;
 }
+#endif
 
 int X509_get_signature_type(const X509 *x)
 {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 36baeacb9d..13a9ba3c38 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -921,7 +921,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
     else
         ptime = NULL;
 
-    i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+    i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
     if (i == 0) {
         if (!notify)
             return 0;
@@ -936,8 +936,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
             return 0;
     }
 
-    if (X509_CRL_get_nextUpdate(crl)) {
-        i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+    if (X509_CRL_get0_nextUpdate(crl)) {
+        i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
 
         if (i == 0) {
             if (!notify)
@@ -979,8 +979,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
         /* If current CRL is equivalent use it if it is newer */
         if (crl_score == best_score) {
             int day, sec;
-            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
-                               X509_CRL_get_lastUpdate(crl)) == 0)
+            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
+                               X509_CRL_get0_lastUpdate(crl)) == 0)
                 continue;
             /*
              * ASN1_TIME_diff never returns inconsistent signs for |day|
@@ -1646,7 +1646,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
     else
         ptime = NULL;
 
-    i = X509_cmp_time(X509_get_notBefore(x), ptime);
+    i = X509_cmp_time(X509_get0_notBefore(x), ptime);
     if (i >= 0 && depth < 0)
         return 0;
     if (i == 0 && !verify_cb_cert(ctx, x, depth,
@@ -1655,7 +1655,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
     if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID))
         return 0;
 
-    i = X509_cmp_time(X509_get_notAfter(x), ptime);
+    i = X509_cmp_time(X509_get0_notAfter(x), ptime);
     if (i <= 0 && depth < 0)
         return 0;
     if (i == 0 && !verify_cb_cert(ctx, x, depth,
@@ -1983,9 +1983,9 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
     if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
         goto memerr;
 
-    if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer)))
+    if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
         goto memerr;
-    if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer)))
+    if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
         goto memerr;
 
     /* Set base CRL number: must be critical */
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 681c43812a..205785961b 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -33,14 +33,14 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
     return (X509_NAME_set(&x->crl.issuer, name));
 }
 
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
 {
     if (x == NULL)
         return 0;
     return x509_set1_time(&x->crl.lastUpdate, tm);
 }
 
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
 {
     if (x == NULL)
         return 0;
@@ -80,16 +80,28 @@ long X509_CRL_get_version(const X509_CRL *crl)
     return ASN1_INTEGER_get(crl->crl.version);
 }
 
-ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl)
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
 {
     return crl->crl.lastUpdate;
 }
 
-ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl)
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
 {
     return crl->crl.nextUpdate;
 }
 
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+#endif
+
 X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
 {
     return crl->crl.issuer;
author	Dr. Stephen Henson <steve@openssl.org>	2016-08-19 12:39:57 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-08-19 18:40:55 +0100
commit	568ce3a583a17c33feacbf5028ece9f7f0680478 (patch)
tree	f55156e99147d3139ad974b7a9c44925982bf987 /crypto
parent	c4fbed6c3139726fc719a703d2195f3b6426b748 (diff)