diff options
| author | tedu <> | 2014-04-16 16:49:12 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-16 16:49:12 +0000 |
| commit | 2d9928bd5e9ac42556cbf939b50fc2be4362e003 (patch) | |
| tree | 9a5ac18941fff947666ed0508a229b639466a575 | |
| parent | 9f31b0e963d932126b015ef81ba675c165579523 (diff) | |
| download | openbsd-2d9928bd5e9ac42556cbf939b50fc2be4362e003.tar.gz openbsd-2d9928bd5e9ac42556cbf939b50fc2be4362e003.tar.bz2 openbsd-2d9928bd5e9ac42556cbf939b50fc2be4362e003.zip | |
Mandatory Surgeon Guenther's Warning: This code could not possibly be
correct because it doesn't zerofill the front of usecs, but that's the
way I found it.
a more thorough emulation of the old code, but with fewer whacky snprintf
pointer arithmetic antics. ok beck guenther
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/ts/ts_rsp_sign.c | 48 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/ts/ts_rsp_sign.c | 48 |
2 files changed, 48 insertions, 48 deletions
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c index b0f023c9d2..235c0a8476 100644 --- a/src/lib/libcrypto/ts/ts_rsp_sign.c +++ b/src/lib/libcrypto/ts/ts_rsp_sign.c | |||
| @@ -953,8 +953,9 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 953 | time_t time_sec = (time_t) sec; | 953 | time_t time_sec = (time_t) sec; |
| 954 | struct tm *tm = NULL; | 954 | struct tm *tm = NULL; |
| 955 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; | 955 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; |
| 956 | char *p = genTime_str; | 956 | char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2]; |
| 957 | char *p_end = genTime_str + sizeof(genTime_str); | 957 | char *p; |
| 958 | int rv; | ||
| 958 | 959 | ||
| 959 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) | 960 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) |
| 960 | goto err; | 961 | goto err; |
| @@ -970,18 +971,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 970 | * meet the rfc3161 requirement: "GeneralizedTime syntax can include | 971 | * meet the rfc3161 requirement: "GeneralizedTime syntax can include |
| 971 | * fraction-of-second details". | 972 | * fraction-of-second details". |
| 972 | */ | 973 | */ |
| 973 | p += BIO_snprintf(p, p_end - p, | 974 | if (precision > 0) { |
| 974 | "%04d%02d%02d%02d%02d%02d", | ||
| 975 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, | ||
| 976 | tm->tm_hour, tm->tm_min, tm->tm_sec); | ||
| 977 | if (precision > 0) | ||
| 978 | { | ||
| 979 | /* Add fraction of seconds (leave space for dot and null). */ | ||
| 980 | BIO_snprintf(p, 2 + precision, ".%ld", usec); | ||
| 981 | /* We cannot use the snprintf return value, | ||
| 982 | because it might have been truncated. */ | ||
| 983 | p += strlen(p); | ||
| 984 | |||
| 985 | /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides | 975 | /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides |
| 986 | the following restrictions for a DER-encoding, which OpenSSL | 976 | the following restrictions for a DER-encoding, which OpenSSL |
| 987 | (specifically ASN1_GENERALIZEDTIME_check() function) doesn't | 977 | (specifically ASN1_GENERALIZEDTIME_check() function) doesn't |
| @@ -993,16 +983,26 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 993 | if the elements correspond to 0, they MUST be wholly | 983 | if the elements correspond to 0, they MUST be wholly |
| 994 | omitted, and the decimal point element also MUST be | 984 | omitted, and the decimal point element also MUST be |
| 995 | omitted." */ | 985 | omitted." */ |
| 996 | /* Remove trailing zeros. The dot guarantees the exit | 986 | (void)snprintf(usecstr, sizeof(usecstr), ".%ld", usec); |
| 997 | condition of this loop even if all the digits are zero. */ | 987 | /* truncate and trim trailing 0 */ |
| 998 | while (*--p == '0') | 988 | usecstr[precision + 1] = '\0'; |
| 999 | /* empty */; | 989 | p = usecstr + strlen(usecstr) - 1; |
| 1000 | /* p points to either the dot or the last non-zero digit. */ | 990 | while (p > usecstr && *p == '0') |
| 1001 | if (*p != '.') ++p; | 991 | *p-- = '\0'; |
| 1002 | } | 992 | /* if we've reached the beginning, delete the . too */ |
| 1003 | /* Add the trailing Z and the terminating null. */ | 993 | if (p == usecstr) |
| 1004 | *p++ = 'Z'; | 994 | *p = '\0'; |
| 1005 | *p++ = '\0'; | 995 | |
| 996 | } else { | ||
| 997 | /* empty */ | ||
| 998 | usecstr[0] = '\0'; | ||
| 999 | } | ||
| 1000 | rv = snprintf(genTime_str, sizeof(genTime_str), | ||
| 1001 | "%04d%02d%02d%02d%02d%02d%sZ", | ||
| 1002 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, | ||
| 1003 | tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr); | ||
| 1004 | if (rv == -1 || rv >= sizeof(genTime_str)) | ||
| 1005 | goto err; | ||
| 1006 | 1006 | ||
| 1007 | /* Now call OpenSSL to check and set our genTime value */ | 1007 | /* Now call OpenSSL to check and set our genTime value */ |
| 1008 | if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) | 1008 | if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) |
diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c index b0f023c9d2..235c0a8476 100644 --- a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c +++ b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c | |||
| @@ -953,8 +953,9 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 953 | time_t time_sec = (time_t) sec; | 953 | time_t time_sec = (time_t) sec; |
| 954 | struct tm *tm = NULL; | 954 | struct tm *tm = NULL; |
| 955 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; | 955 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; |
| 956 | char *p = genTime_str; | 956 | char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2]; |
| 957 | char *p_end = genTime_str + sizeof(genTime_str); | 957 | char *p; |
| 958 | int rv; | ||
| 958 | 959 | ||
| 959 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) | 960 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) |
| 960 | goto err; | 961 | goto err; |
| @@ -970,18 +971,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 970 | * meet the rfc3161 requirement: "GeneralizedTime syntax can include | 971 | * meet the rfc3161 requirement: "GeneralizedTime syntax can include |
| 971 | * fraction-of-second details". | 972 | * fraction-of-second details". |
| 972 | */ | 973 | */ |
| 973 | p += BIO_snprintf(p, p_end - p, | 974 | if (precision > 0) { |
| 974 | "%04d%02d%02d%02d%02d%02d", | ||
| 975 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, | ||
| 976 | tm->tm_hour, tm->tm_min, tm->tm_sec); | ||
| 977 | if (precision > 0) | ||
| 978 | { | ||
| 979 | /* Add fraction of seconds (leave space for dot and null). */ | ||
| 980 | BIO_snprintf(p, 2 + precision, ".%ld", usec); | ||
| 981 | /* We cannot use the snprintf return value, | ||
| 982 | because it might have been truncated. */ | ||
| 983 | p += strlen(p); | ||
| 984 | |||
| 985 | /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides | 975 | /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides |
| 986 | the following restrictions for a DER-encoding, which OpenSSL | 976 | the following restrictions for a DER-encoding, which OpenSSL |
| 987 | (specifically ASN1_GENERALIZEDTIME_check() function) doesn't | 977 | (specifically ASN1_GENERALIZEDTIME_check() function) doesn't |
| @@ -993,16 +983,26 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 993 | if the elements correspond to 0, they MUST be wholly | 983 | if the elements correspond to 0, they MUST be wholly |
| 994 | omitted, and the decimal point element also MUST be | 984 | omitted, and the decimal point element also MUST be |
| 995 | omitted." */ | 985 | omitted." */ |
| 996 | /* Remove trailing zeros. The dot guarantees the exit | 986 | (void)snprintf(usecstr, sizeof(usecstr), ".%ld", usec); |
| 997 | condition of this loop even if all the digits are zero. */ | 987 | /* truncate and trim trailing 0 */ |
| 998 | while (*--p == '0') | 988 | usecstr[precision + 1] = '\0'; |
| 999 | /* empty */; | 989 | p = usecstr + strlen(usecstr) - 1; |
| 1000 | /* p points to either the dot or the last non-zero digit. */ | 990 | while (p > usecstr && *p == '0') |
| 1001 | if (*p != '.') ++p; | 991 | *p-- = '\0'; |
| 1002 | } | 992 | /* if we've reached the beginning, delete the . too */ |
| 1003 | /* Add the trailing Z and the terminating null. */ | 993 | if (p == usecstr) |
| 1004 | *p++ = 'Z'; | 994 | *p = '\0'; |
| 1005 | *p++ = '\0'; | 995 | |
| 996 | } else { | ||
| 997 | /* empty */ | ||
| 998 | usecstr[0] = '\0'; | ||
| 999 | } | ||
| 1000 | rv = snprintf(genTime_str, sizeof(genTime_str), | ||
| 1001 | "%04d%02d%02d%02d%02d%02d%sZ", | ||
| 1002 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, | ||
| 1003 | tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr); | ||
| 1004 | if (rv == -1 || rv >= sizeof(genTime_str)) | ||
| 1005 | goto err; | ||
| 1006 | 1006 | ||
| 1007 | /* Now call OpenSSL to check and set our genTime value */ | 1007 | /* Now call OpenSSL to check and set our genTime value */ |
| 1008 | if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) | 1008 | if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) |