Flense the greasy black guts of unreadble string parsing code out of three areas

in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing
together in one function that converts into a struct tm. While we are at it this
also brings us into conformance with RFC 5280 for times allowed in an X509 cert,
as OpenSSL is very liberal with what it allows.
input and fixes from deraadt@ jsing@ guethther@ and others.
ok krw@, guenther@, jsing@

1 files changed, 13 insertions, 93 deletions

diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c
index 4cee40437c..594eb63058 100644
--- a/src/lib/libcrypto/asn1/a_gentm.c
+++ b/src/lib/libcrypto/asn1/a_gentm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_gentm.c,v 1.24 2015/09/30 18:04:02 jsing Exp $ */
+/* $OpenBSD: a_gentm.c,v 1.25 2015/10/02 15:04:45 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -66,86 +66,14 @@
 #include <openssl/err.h>
 
 #include "o_time.h"
+#include "asn1_locl.h"
 
 int
 ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 {
-        static const int min[9] = {0, 0, 1, 1, 0, 0, 0, 0, 0};
-        static const int max[9] = {99, 99, 12, 31, 23, 59, 59, 12, 59};
-        char *a;
-        int n, i, l, o;
-
         if (d->type != V_ASN1_GENERALIZEDTIME)
                 return (0);
-        l = d->length;
-        a = (char *)d->data;
-        o = 0;
-        /* GENERALIZEDTIME is similar to UTCTIME except the year is
-         * represented as YYYY. This stuff treats everything as a two digit
-         * field so make first two fields 00 to 99
-         */
-        if (l < 13)
-                goto err;
-        for (i = 0; i < 7; i++) {
-                if ((i == 6) && ((a[o] == 'Z') ||
-                    (a[o] == '+') || (a[o] == '-'))) {
-                        i++;
-                        break;
-                }
-                if ((a[o] < '0') || (a[o] > '9'))
-                        goto err;
-                n= a[o]-'0';
-                if (++o > l)
-                        goto err;
-
-                if ((a[o] < '0') || (a[o] > '9'))
-                        goto err;
-                n = (n * 10)+ a[o] - '0';
-                if (++o > l)
-                        goto err;
-
-                if ((n < min[i]) || (n > max[i]))
-                        goto err;
-        }
-        /* Optional fractional seconds: decimal point followed by one
-         * or more digits.
-         */
-        if (a[o] == '.') {
-                if (++o > l)
-                        goto err;
-                i = o;
-                while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
-                        o++;
-                /* Must have at least one digit after decimal point */
-                if (i == o)
-                        goto err;
-        }
-
-        if (a[o] == 'Z')
-                o++;
-        else if ((a[o] == '+') || (a[o] == '-')) {
-                o++;
-                if (o + 4 > l)
-                        goto err;
-                for (i = 7; i < 9; i++) {
-                        if ((a[o] < '0') || (a[o] > '9'))
-                                goto err;
-                        n = a[o] - '0';
-                        o++;
-                        if ((a[o] < '0') || (a[o] > '9'))
-                                goto err;
-                        n = (n * 10) + a[o] - '0';
-                        if ((n < min[i]) || (n > max[i]))
-                                goto err;
-                        o++;
-                }
-        } else {
-                /* Missing time zone information. */
-                goto err;
-        }
-        return (o == l);
-err:
-        return (0);
+        return (d->type == asn1_time_parse(d->data, d->length, NULL, d->type));
 }
 
 int
@@ -179,34 +107,26 @@ ASN1_GENERALIZEDTIME_adj_internal(ASN1_GENERALIZEDTIME *s, time_t t,
     int offset_day, long offset_sec)
 {
         char *p;
-        struct tm *ts;
+        struct tm *tm;
         struct tm data;
-        size_t len = 20;
 
-        ts = gmtime_r(&t, &data);
-        if (ts == NULL)
+        tm = gmtime_r(&t, &data);
+        if (tm == NULL)
                 return (NULL);
 
         if (offset_day || offset_sec) {
-                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                if (!OPENSSL_gmtime_adj(tm, offset_day, offset_sec))
                         return NULL;
         }
 
-        p = (char *)s->data;
-        if ((p == NULL) || ((size_t)s->length < len)) {
-                p = malloc(len);
-                if (p == NULL) {
-                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
-                            ERR_R_MALLOC_FAILURE);
-                        return (NULL);
-                }
-                free(s->data);
-                s->data = (unsigned char *)p;
+        if ((p = gentime_string_from_tm(tm)) == NULL) {
+                ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
+                return (NULL);
         }
-
-        snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
-            ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec);
+        free(s->data);
+        s->data = p;
         s->length = strlen(p);
+
         s->type = V_ASN1_GENERALIZEDTIME;
         return (s);
 }