author | tedu <> | 2014-04-16 15:39:45 +0000 |
---|---|---|
committer | tedu <> | 2014-04-16 15:39:45 +0000 |
commit | 35fa6e8fd9be58ac849590dfdb072081d7dc4c67 (patch) | |
tree | cd6b7bd17edfb25d9928b1c38f811f45391e4e97 | |
parent | 0e69e41c39b48502d3bae7240b807d0fef36a4da (diff) | |
revert. the full horror has only now revealed itself.
-rw-r--r-- | src/lib/libcrypto/ts/ts_rsp_sign.c | 47 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ts/ts_rsp_sign.c | 47 |
2 files changed, 42 insertions, 52 deletions
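--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -953,8 +953,8 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 time_t time_sec = (time_t) sec;
 struct tm *tm = NULL;
 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
-char *p;
-int rv;
+char *p = genTime_str;
+char *p_end = genTime_str + sizeof(genTime_str);
 
 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
 goto err;
@@ -970,13 +970,18 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 * meet the rfc3161 requirement: "GeneralizedTime syntax can include
 * fraction-of-second details".
 */
-if (precision > 0) {
-rv = snprintf(genTime_str, sizeof(genTime_str),
-"%04d%02d%02d%02d%02d%02d.%ldZ",
+p += BIO_snprintf(p, p_end - p,
+"%04d%02d%02d%02d%02d%02d",
 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
-tm->tm_hour, tm->tm_min, tm->tm_sec, usec);
-if (rv == -1 || rv >= sizeof(genTime_str))
-goto err;
+tm->tm_hour, tm->tm_min, tm->tm_sec);
+if (precision > 0)
+{
+/* Add fraction of seconds (leave space for dot and null). */
+BIO_snprintf(p, 2 + precision, ".%ld", usec);
+/* We cannot use the snprintf return value,
+because it might have been truncated. */
+p += strlen(p);
+
 /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
 the following restrictions for a DER-encoding, which OpenSSL
 (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
@@ -990,24 +995,14 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 omitted." */
 /* Remove trailing zeros. The dot guarantees the exit
 condition of this loop even if all the digits are zero. */
-p = strchr(genTime_str, 'Z');
-p--; /* move back in front of Z */
-/* pass over 0s */
-while (*p == '0')
-p--;
-/* if we're not at . we're at an interesting digit */
-if (*p != '.')
-p++;
-*p++ = 'Z';
-*p = 0;
-} else {
-rv = snprintf(genTime_str, sizeof(genTime_str),
-"%04d%02d%02d%02d%02d%02dZ",
-tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
-tm->tm_hour, tm->tm_min, tm->tm_sec);
-if (rv == -1 || rv >= sizeof(genTime_str))
-goto err;
-}
+while (*--p == '0')
+/* empty */;
+/* p points to either the dot or the last non-zero digit. */
+if (*p != '.') ++p;
+}
+/* Add the trailing Z and the terminating null. */
+*p++ = 'Z';
+*p++ = '\0';
 
 /* Now call OpenSSL to check and set our genTime value */
 if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))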
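--- a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
+++ b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
@@ -953,8 +953,8 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 time_t time_sec = (time_t) sec;
 struct tm *tm = NULL;
 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
-char *p;
-int rv;
+char *p = genTime_str;
+char *p_end = genTime_str + sizeof(genTime_str);
 
 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
 goto err;
@@ -970,13 +970,18 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 * meet the rfc3161 requirement: "GeneralizedTime syntax can include
 * fraction-of-second details".
 */
-if (precision > 0) {
-rv = snprintf(genTime_str, sizeof(genTime_str),
-"%04d%02d%02d%02d%02d%02d.%ldZ",
+p += BIO_snprintf(p, p_end - p,
+"%04d%02d%02d%02d%02d%02d",
 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
-tm->tm_hour, tm->tm_min, tm->tm_sec, usec);
-if (rv == -1 || rv >= sizeof(genTime_str))
-goto err;
+tm->tm_hour, tm->tm_min, tm->tm_sec);
+if (precision > 0)
+{
+/* Add fraction of seconds (leave space for dot and null). */
+BIO_snprintf(p, 2 + precision, ".%ld", usec);
+/* We cannot use the snprintf return value,
+because it might have been truncated. */
+p += strlen(p);
+
 /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
 the following restrictions for a DER-encoding, which OpenSSL
 (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
@@ -990,24 +995,14 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 omitted." */
 /* Remove trailing zeros. The dot guarantees the exit
 condition of this loop even if all the digits are zero. */
-p = strchr(genTime_str, 'Z');
-p--; /* move back in front of Z */
-/* pass over 0s */
-while (*p == '0')
-p--;
-/* if we're not at . we're at an interesting digit */
-if (*p != '.')
-p++;
-*p++ = 'Z';
-*p = 0;
-} else {
-rv = snprintf(genTime_str, sizeof(genTime_str),
-"%04d%02d%02d%02d%02d%02dZ",
-tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
-tm->tm_hour, tm->tm_min, tm->tm_sec);
-if (rv == -1 || rv >= sizeof(genTime_str))
-goto err;
-}
+while (*--p == '0')
+/* empty */;
+/* p points to either the dot or the last non-zero digit. */
+if (*p != '.') ++p;
+}
+/* Add the trailing Z and the terminating null. */
+*p++ = 'Z';
+*p++ = '\0';
 
 /* Now call OpenSSL to check and set our genTime value */
 if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))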