Flense the greasy black guts of unreadble string parsing code out of three areas

in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@
author: beck <> 2015-10-02 15:04:45 +0000
committer: beck <> 2015-10-02 15:04:45 +0000
commit: 0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f (patch)
tree: 8649498e5e9fdda4e44ebac5989504efbcc57b61 /src/lib/libcrypto/asn1/a_time.c
parent: 6495b7869be4c5fea2bedea3e13b8ccdb320320e (diff)
download: openbsd-0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f.tar.gz
openbsd-0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f.tar.bz2
openbsd-0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f.zip
1 files changed, 11 insertions, 14 deletions
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
index 25a1805640..a6c7c8e736 100644
--- a/src/lib/libcrypto/asn1/a_time.c
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time.c,v 1.25 2015/09/30 18:04:02 jsing Exp $ */
+/* $OpenBSD: a_time.c,v 1.26 2015/10/02 15:04:45 beck Exp $ */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
@@ -68,7 +68,7 @@
 #include <openssl/err.h>
 #include "o_time.h"
+#include "asn1_locl.h"
 const ASN1_ITEM ASN1_TIME_it = {
        .itype = ASN1_ITYPE_MSTRING,
@@ -135,11 +135,9 @@ ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec)
 int
 ASN1_TIME_check(ASN1_TIME *t)
 {
-        if (t->type == V_ASN1_GENERALIZEDTIME)
+        if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
-                return ASN1_GENERALIZEDTIME_check(t);
+                return 0;
-        else if (t->type == V_ASN1_UTCTIME)
+        return (t->type == asn1_time_parse(t->data, t->length, NULL, t->type));
-                return ASN1_UTCTIME_check(t);
-        return 0;
 }
 /* Convert an ASN1_TIME structure to GeneralizedTime */
@@ -210,13 +208,12 @@ ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
        t.data = (unsigned char *)str;
        t.flags = 0;
-        t.type = V_ASN1_UTCTIME;
+        t.type = asn1_time_parse(t.data, t.length, NULL, V_ASN1_UTCTIME);
+        if (t.type == -1)
-        if (!ASN1_TIME_check(&t)) {
+                t.type = asn1_time_parse(t.data, t.length, NULL,
-                t.type = V_ASN1_GENERALIZEDTIME;
+                    V_ASN1_GENERALIZEDTIME);
-                if (!ASN1_TIME_check(&t))
+        if (t.type == -1)
-                        return 0;
+                return 0;
-        }
        if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
                return 0;
author	beck <>	2015-10-02 15:04:45 +0000
committer	beck <>	2015-10-02 15:04:45 +0000
commit	0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f (patch)
tree	8649498e5e9fdda4e44ebac5989504efbcc57b61 /src/lib/libcrypto/asn1/a_time.c
parent	6495b7869be4c5fea2bedea3e13b8ccdb320320e (diff)
download	openbsd-0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f.tar.gz openbsd-0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f.tar.bz2 openbsd-0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f.zip

diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c index 25a1805640..a6c7c8e736 100644 --- a/src/lib/libcrypto/asn1/a_time.c +++ b/src/lib/libcrypto/asn1/a_time.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_time.c,v 1.25 2015/09/30 18:04:02 jsing Exp $ */	1	/* $OpenBSD: a_time.c,v 1.26 2015/10/02 15:04:45 beck Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -68,7 +68,7 @@
68	#include <openssl/err.h>	68	#include <openssl/err.h>
69		69
70	#include "o_time.h"	70	#include "o_time.h"
71		71	#include "asn1_locl.h"
72		72
73	const ASN1_ITEM ASN1_TIME_it = {	73	const ASN1_ITEM ASN1_TIME_it = {
74	.itype = ASN1_ITYPE_MSTRING,	74	.itype = ASN1_ITYPE_MSTRING,
@@ -135,11 +135,9 @@ ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec)
135	int	135	int
136	ASN1_TIME_check(ASN1_TIME *t)	136	ASN1_TIME_check(ASN1_TIME *t)
137	{	137	{
138	if (t->type == V_ASN1_GENERALIZEDTIME)	138	if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
139	return ASN1_GENERALIZEDTIME_check(t);	139	return 0;
140	else if (t->type == V_ASN1_UTCTIME)	140	return (t->type == asn1_time_parse(t->data, t->length, NULL, t->type));
141	return ASN1_UTCTIME_check(t);
142	return 0;
143	}	141	}
144		142
145	/* Convert an ASN1_TIME structure to GeneralizedTime */	143	/* Convert an ASN1_TIME structure to GeneralizedTime */
@@ -210,13 +208,12 @@ ASN1_TIME_set_string(ASN1_TIME s, const char str)
210	t.data = (unsigned char *)str;	208	t.data = (unsigned char *)str;
211	t.flags = 0;	209	t.flags = 0;
212		210
213	t.type = V_ASN1_UTCTIME;	211	t.type = asn1_time_parse(t.data, t.length, NULL, V_ASN1_UTCTIME);
214		212	if (t.type == -1)
215	if (!ASN1_TIME_check(&t)) {	213	t.type = asn1_time_parse(t.data, t.length, NULL,
216	t.type = V_ASN1_GENERALIZEDTIME;	214	V_ASN1_GENERALIZEDTIME);
217	if (!ASN1_TIME_check(&t))	215	if (t.type == -1)
218	return 0;	216	return 0;
219	}
220		217
221	if (s && !ASN1_STRING_copy((ASN1_STRING )s, (ASN1_STRING )&t))	218	if (s && !ASN1_STRING_copy((ASN1_STRING )s, (ASN1_STRING )&t))
222	return 0;	219	return 0;