diff options
| author | beck <> | 2015-10-02 15:04:45 +0000 |
|---|---|---|
| committer | beck <> | 2015-10-02 15:04:45 +0000 |
| commit | 61992d68f1934e7e4171e633f39fb76a4654b5a2 (patch) | |
| tree | 8649498e5e9fdda4e44ebac5989504efbcc57b61 /src/lib/libcrypto/asn1/a_utctm.c | |
| parent | 5951a0298417b41fc2a1fb4ad8a057fb9530e872 (diff) | |
| download | openbsd-61992d68f1934e7e4171e633f39fb76a4654b5a2.tar.gz openbsd-61992d68f1934e7e4171e633f39fb76a4654b5a2.tar.bz2 openbsd-61992d68f1934e7e4171e633f39fb76a4654b5a2.zip | |
Flense the greasy black guts of unreadble string parsing code out of three areas
in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing
together in one function that converts into a struct tm. While we are at it this
also brings us into conformance with RFC 5280 for times allowed in an X509 cert,
as OpenSSL is very liberal with what it allows.
input and fixes from deraadt@ jsing@ guethther@ and others.
ok krw@, guenther@, jsing@
Diffstat (limited to 'src/lib/libcrypto/asn1/a_utctm.c')
| -rw-r--r-- | src/lib/libcrypto/asn1/a_utctm.c | 80 |
1 files changed, 9 insertions, 71 deletions
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c index ca19a8c7a0..c208d494c3 100644 --- a/src/lib/libcrypto/asn1/a_utctm.c +++ b/src/lib/libcrypto/asn1/a_utctm.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: a_utctm.c,v 1.28 2015/09/30 18:26:07 jsing Exp $ */ | 1 | /* $OpenBSD: a_utctm.c,v 1.29 2015/10/02 15:04:45 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -64,66 +64,14 @@ | |||
| 64 | #include <openssl/err.h> | 64 | #include <openssl/err.h> |
| 65 | 65 | ||
| 66 | #include "o_time.h" | 66 | #include "o_time.h" |
| 67 | #include "asn1_locl.h" | ||
| 67 | 68 | ||
| 68 | int | 69 | int |
| 69 | ASN1_UTCTIME_check(ASN1_UTCTIME *d) | 70 | ASN1_UTCTIME_check(ASN1_UTCTIME *d) |
| 70 | { | 71 | { |
| 71 | static const int min[8] = {0, 1, 1, 0, 0, 0, 0, 0}; | ||
| 72 | static const int max[8] = {99, 12, 31, 23, 59, 59, 12, 59}; | ||
| 73 | char *a; | ||
| 74 | int n, i, l, o; | ||
| 75 | |||
| 76 | if (d->type != V_ASN1_UTCTIME) | 72 | if (d->type != V_ASN1_UTCTIME) |
| 77 | return (0); | 73 | return (0); |
| 78 | l = d->length; | 74 | return(d->type == asn1_time_parse(d->data, d->length, NULL, d->type)); |
| 79 | a = (char *)d->data; | ||
| 80 | o = 0; | ||
| 81 | |||
| 82 | if (l < 11) | ||
| 83 | |||
| 84 | goto err; | ||
| 85 | for (i = 0; i < 6; i++) { | ||
| 86 | if ((i == 5) && ((a[o] == 'Z') || | ||
| 87 | (a[o] == '+') || (a[o] == '-'))) { | ||
| 88 | i++; | ||
| 89 | break; | ||
| 90 | } | ||
| 91 | if ((a[o] < '0') || (a[o] > '9')) | ||
| 92 | goto err; | ||
| 93 | n = a[o]-'0'; | ||
| 94 | if (++o > l) | ||
| 95 | goto err; | ||
| 96 | if ((a[o] < '0') || (a[o] > '9')) | ||
| 97 | goto err; | ||
| 98 | n = (n * 10) + a[o] - '0'; | ||
| 99 | if (++o > l) | ||
| 100 | goto err; | ||
| 101 | if ((n < min[i]) || (n > max[i])) | ||
| 102 | goto err; | ||
| 103 | } | ||
| 104 | if (a[o] == 'Z') | ||
| 105 | o++; | ||
| 106 | else if ((a[o] == '+') || (a[o] == '-')) { | ||
| 107 | o++; | ||
| 108 | if (o + 4 > l) | ||
| 109 | goto err; | ||
| 110 | for (i = 6; i < 8; i++) { | ||
| 111 | if ((a[o] < '0') || (a[o] > '9')) | ||
| 112 | goto err; | ||
| 113 | n = a[o] -'0'; | ||
| 114 | o++; | ||
| 115 | if ((a[o] < '0') || (a[o] > '9')) | ||
| 116 | goto err; | ||
| 117 | n = (n * 10) + a[o] - '0'; | ||
| 118 | if ((n < min[i]) || (n > max[i])) | ||
| 119 | goto err; | ||
| 120 | o++; | ||
| 121 | } | ||
| 122 | } | ||
| 123 | return (o == l); | ||
| 124 | |||
| 125 | err: | ||
| 126 | return (0); | ||
| 127 | } | 75 | } |
| 128 | 76 | ||
| 129 | int | 77 | int |
| @@ -159,7 +107,6 @@ ASN1_UTCTIME_adj_internal(ASN1_UTCTIME *s, time_t t, int offset_day, | |||
| 159 | char *p; | 107 | char *p; |
| 160 | struct tm *ts; | 108 | struct tm *ts; |
| 161 | struct tm data; | 109 | struct tm data; |
| 162 | size_t len = 20; | ||
| 163 | 110 | ||
| 164 | ts = gmtime_r(&t, &data); | 111 | ts = gmtime_r(&t, &data); |
| 165 | if (ts == NULL) | 112 | if (ts == NULL) |
| @@ -170,23 +117,14 @@ ASN1_UTCTIME_adj_internal(ASN1_UTCTIME *s, time_t t, int offset_day, | |||
| 170 | return NULL; | 117 | return NULL; |
| 171 | } | 118 | } |
| 172 | 119 | ||
| 173 | if ((ts->tm_year < 50) || (ts->tm_year >= 150)) | 120 | if ((p = utctime_string_from_tm(ts)) == NULL) { |
| 174 | return NULL; | 121 | ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE); |
| 175 | 122 | return (NULL); | |
| 176 | p = (char *)s->data; | ||
| 177 | if ((p == NULL) || ((size_t)s->length < len)) { | ||
| 178 | p = malloc(len); | ||
| 179 | if (p == NULL) { | ||
| 180 | ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE); | ||
| 181 | return (NULL); | ||
| 182 | } | ||
| 183 | free(s->data); | ||
| 184 | s->data = (unsigned char *)p; | ||
| 185 | } | 123 | } |
| 186 | 124 | free(s->data); | |
| 187 | snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100, | 125 | s->data = p; |
| 188 | ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec); | ||
| 189 | s->length = strlen(p); | 126 | s->length = strlen(p); |
| 127 | |||
| 190 | s->type = V_ASN1_UTCTIME; | 128 | s->type = V_ASN1_UTCTIME; |
| 191 | return (s); | 129 | return (s); |
| 192 | } | 130 | } |