diff options
| author | tedu <> | 2014-04-16 15:35:36 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-16 15:35:36 +0000 |
| commit | 0e69e41c39b48502d3bae7240b807d0fef36a4da (patch) | |
| tree | ca1cee5d440fd150dc4ea93bbc6e1ee41a7e0126 | |
| parent | 07d70e2f624616050545c4fb6f6ba748c12b342e (diff) | |
| download | openbsd-0e69e41c39b48502d3bae7240b807d0fef36a4da.tar.gz openbsd-0e69e41c39b48502d3bae7240b807d0fef36a4da.tar.bz2 openbsd-0e69e41c39b48502d3bae7240b807d0fef36a4da.zip | |
replace some bio_snprintf crazy with regular snprintf.
beck had a diff to convert to strftime, but it's easier to verify this
is functionally the same. ok beck.
| -rw-r--r-- | src/lib/libcrypto/ts/ts_rsp_sign.c | 47 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/ts/ts_rsp_sign.c | 47 |
2 files changed, 52 insertions, 42 deletions
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c index b0f023c9d2..a6ce1796c6 100644 --- a/src/lib/libcrypto/ts/ts_rsp_sign.c +++ b/src/lib/libcrypto/ts/ts_rsp_sign.c | |||
| @@ -953,8 +953,8 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 953 | time_t time_sec = (time_t) sec; | 953 | time_t time_sec = (time_t) sec; |
| 954 | struct tm *tm = NULL; | 954 | struct tm *tm = NULL; |
| 955 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; | 955 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; |
| 956 | char *p = genTime_str; | 956 | char *p; |
| 957 | char *p_end = genTime_str + sizeof(genTime_str); | 957 | int rv; |
| 958 | 958 | ||
| 959 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) | 959 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) |
| 960 | goto err; | 960 | goto err; |
| @@ -970,18 +970,13 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 970 | * meet the rfc3161 requirement: "GeneralizedTime syntax can include | 970 | * meet the rfc3161 requirement: "GeneralizedTime syntax can include |
| 971 | * fraction-of-second details". | 971 | * fraction-of-second details". |
| 972 | */ | 972 | */ |
| 973 | p += BIO_snprintf(p, p_end - p, | 973 | if (precision > 0) { |
| 974 | "%04d%02d%02d%02d%02d%02d", | 974 | rv = snprintf(genTime_str, sizeof(genTime_str), |
| 975 | "%04d%02d%02d%02d%02d%02d.%ldZ", | ||
| 975 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, | 976 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, |
| 976 | tm->tm_hour, tm->tm_min, tm->tm_sec); | 977 | tm->tm_hour, tm->tm_min, tm->tm_sec, usec); |
| 977 | if (precision > 0) | 978 | if (rv == -1 || rv >= sizeof(genTime_str)) |
| 978 | { | 979 | goto err; |
| 979 | /* Add fraction of seconds (leave space for dot and null). */ | ||
| 980 | BIO_snprintf(p, 2 + precision, ".%ld", usec); | ||
| 981 | /* We cannot use the snprintf return value, | ||
| 982 | because it might have been truncated. */ | ||
| 983 | p += strlen(p); | ||
| 984 | |||
| 985 | /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides | 980 | /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides |
| 986 | the following restrictions for a DER-encoding, which OpenSSL | 981 | the following restrictions for a DER-encoding, which OpenSSL |
| 987 | (specifically ASN1_GENERALIZEDTIME_check() function) doesn't | 982 | (specifically ASN1_GENERALIZEDTIME_check() function) doesn't |
| @@ -995,14 +990,24 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 995 | omitted." */ | 990 | omitted." */ |
| 996 | /* Remove trailing zeros. The dot guarantees the exit | 991 | /* Remove trailing zeros. The dot guarantees the exit |
| 997 | condition of this loop even if all the digits are zero. */ | 992 | condition of this loop even if all the digits are zero. */ |
| 998 | while (*--p == '0') | 993 | p = strchr(genTime_str, 'Z'); |
| 999 | /* empty */; | 994 | p--; /* move back in front of Z */ |
| 1000 | /* p points to either the dot or the last non-zero digit. */ | 995 | /* pass over 0s */ |
| 1001 | if (*p != '.') ++p; | 996 | while (*p == '0') |
| 1002 | } | 997 | p--; |
| 1003 | /* Add the trailing Z and the terminating null. */ | 998 | /* if we're not at . we're at an interesting digit */ |
| 1004 | *p++ = 'Z'; | 999 | if (*p != '.') |
| 1005 | *p++ = '\0'; | 1000 | p++; |
| 1001 | *p++ = 'Z'; | ||
| 1002 | *p = 0; | ||
| 1003 | } else { | ||
| 1004 | rv = snprintf(genTime_str, sizeof(genTime_str), | ||
| 1005 | "%04d%02d%02d%02d%02d%02dZ", | ||
| 1006 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, | ||
| 1007 | tm->tm_hour, tm->tm_min, tm->tm_sec); | ||
| 1008 | if (rv == -1 || rv >= sizeof(genTime_str)) | ||
| 1009 | goto err; | ||
| 1010 | } | ||
| 1006 | 1011 | ||
| 1007 | /* Now call OpenSSL to check and set our genTime value */ | 1012 | /* Now call OpenSSL to check and set our genTime value */ |
| 1008 | if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) | 1013 | if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) |
diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c index b0f023c9d2..a6ce1796c6 100644 --- a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c +++ b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c | |||
| @@ -953,8 +953,8 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 953 | time_t time_sec = (time_t) sec; | 953 | time_t time_sec = (time_t) sec; |
| 954 | struct tm *tm = NULL; | 954 | struct tm *tm = NULL; |
| 955 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; | 955 | char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; |
| 956 | char *p = genTime_str; | 956 | char *p; |
| 957 | char *p_end = genTime_str + sizeof(genTime_str); | 957 | int rv; |
| 958 | 958 | ||
| 959 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) | 959 | if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) |
| 960 | goto err; | 960 | goto err; |
| @@ -970,18 +970,13 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 970 | * meet the rfc3161 requirement: "GeneralizedTime syntax can include | 970 | * meet the rfc3161 requirement: "GeneralizedTime syntax can include |
| 971 | * fraction-of-second details". | 971 | * fraction-of-second details". |
| 972 | */ | 972 | */ |
| 973 | p += BIO_snprintf(p, p_end - p, | 973 | if (precision > 0) { |
| 974 | "%04d%02d%02d%02d%02d%02d", | 974 | rv = snprintf(genTime_str, sizeof(genTime_str), |
| 975 | "%04d%02d%02d%02d%02d%02d.%ldZ", | ||
| 975 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, | 976 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, |
| 976 | tm->tm_hour, tm->tm_min, tm->tm_sec); | 977 | tm->tm_hour, tm->tm_min, tm->tm_sec, usec); |
| 977 | if (precision > 0) | 978 | if (rv == -1 || rv >= sizeof(genTime_str)) |
| 978 | { | 979 | goto err; |
| 979 | /* Add fraction of seconds (leave space for dot and null). */ | ||
| 980 | BIO_snprintf(p, 2 + precision, ".%ld", usec); | ||
| 981 | /* We cannot use the snprintf return value, | ||
| 982 | because it might have been truncated. */ | ||
| 983 | p += strlen(p); | ||
| 984 | |||
| 985 | /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides | 980 | /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides |
| 986 | the following restrictions for a DER-encoding, which OpenSSL | 981 | the following restrictions for a DER-encoding, which OpenSSL |
| 987 | (specifically ASN1_GENERALIZEDTIME_check() function) doesn't | 982 | (specifically ASN1_GENERALIZEDTIME_check() function) doesn't |
| @@ -995,14 +990,24 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, | |||
| 995 | omitted." */ | 990 | omitted." */ |
| 996 | /* Remove trailing zeros. The dot guarantees the exit | 991 | /* Remove trailing zeros. The dot guarantees the exit |
| 997 | condition of this loop even if all the digits are zero. */ | 992 | condition of this loop even if all the digits are zero. */ |
| 998 | while (*--p == '0') | 993 | p = strchr(genTime_str, 'Z'); |
| 999 | /* empty */; | 994 | p--; /* move back in front of Z */ |
| 1000 | /* p points to either the dot or the last non-zero digit. */ | 995 | /* pass over 0s */ |
| 1001 | if (*p != '.') ++p; | 996 | while (*p == '0') |
| 1002 | } | 997 | p--; |
| 1003 | /* Add the trailing Z and the terminating null. */ | 998 | /* if we're not at . we're at an interesting digit */ |
| 1004 | *p++ = 'Z'; | 999 | if (*p != '.') |
| 1005 | *p++ = '\0'; | 1000 | p++; |
| 1001 | *p++ = 'Z'; | ||
| 1002 | *p = 0; | ||
| 1003 | } else { | ||
| 1004 | rv = snprintf(genTime_str, sizeof(genTime_str), | ||
| 1005 | "%04d%02d%02d%02d%02d%02dZ", | ||
| 1006 | tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, | ||
| 1007 | tm->tm_hour, tm->tm_min, tm->tm_sec); | ||
| 1008 | if (rv == -1 || rv >= sizeof(genTime_str)) | ||
| 1009 | goto err; | ||
| 1010 | } | ||
| 1006 | 1011 | ||
| 1007 | /* Now call OpenSSL to check and set our genTime value */ | 1012 | /* Now call OpenSSL to check and set our genTime value */ |
| 1008 | if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) | 1013 | if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) |