Make ASN1_TIME_set_string_X509 and ASN1_TIME_set_string match the man page

This makes it where people can't put dumb values in certs without trying harder, and changes the regress to test this. GENERALIZED times outside of the RFC5280 spec are required for OCSP but these should be constructed with the GENERALIZED time string setters. ok tb@
author: beck <> 2024-04-08 19:57:40 +0000
committer: beck <> 2024-04-08 19:57:40 +0000
commit: 9b894dc1e52d28085c180c2a2584f86b2cc867e0 (patch)
tree: 619c34426de3801d9a839cd449bde5dac9c734e7 /src/lib
parent: 7c47e205b5035b62d024838e10da7aa8d6858336 (diff)
download: openbsd-9b894dc1e52d28085c180c2a2584f86b2cc867e0.tar.gz
openbsd-9b894dc1e52d28085c180c2a2584f86b2cc867e0.tar.bz2
openbsd-9b894dc1e52d28085c180c2a2584f86b2cc867e0.zip
1 files changed, 14 insertions, 26 deletions
diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c
index 986c1e735d..c8eabec08f 100644
--- a/src/lib/libcrypto/asn1/a_time_tm.c
+++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.33 2024/03/02 09:10:42 tb Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.34 2024/04/08 19:57:40 beck Exp $ */
 /*
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
@@ -160,15 +160,7 @@ tm_to_utctime(struct tm *tm, ASN1_TIME *atime)
 ASN1_TIME *
 tm_to_rfc5280_time(struct tm *tm, ASN1_TIME *atime)
 {
-        int year;
+        if (tm->tm_year >= 50 && tm->tm_year < 150)
-        year = tm->tm_year + 1900;
-        if (year < 1950 || year > 9999) {
-                ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
-                return (NULL);
-        }
-        if (year < 2050)
                return (tm_to_utctime(tm, atime));
        return (tm_to_gentime(tm, atime));
@@ -352,25 +344,21 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
 static int
 ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode)
 {
+        struct tm tm;
        int type;
-        char *tmp;
-        if ((type = ASN1_time_parse(str, strlen(str), NULL, mode)) == -1)
+        if ((type = ASN1_time_parse(str, strlen(str), &tm, mode)) == -1)
-                return (0);
-        if (mode != 0 && mode != type)
                return (0);
+        switch(mode) {
-        if (s == NULL)
+        case V_ASN1_UTCTIME:
-                return (1);
+                return (type == mode && tm_to_utctime(&tm, s) != NULL);
+        case V_ASN1_GENERALIZEDTIME:
-        if ((tmp = strdup(str)) == NULL)
+                return (type == mode && tm_to_gentime(&tm, s) != NULL);
+        case RFC5280:
+                return (tm_to_rfc5280_time(&tm, s) != NULL);
+        default:
                return (0);
-        free(s->data);
+        }
-        s->data = tmp;
-        s->length = strlen(tmp);
-        s->type = type;
-        return (1);
 }
 static ASN1_TIME *
@@ -448,7 +436,7 @@ LCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime);
 int
 ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
 {
-        return (ASN1_TIME_set_string_internal(s, str, 0));
+        return (ASN1_TIME_set_string_internal(s, str, RFC5280));
 }
 LCRYPTO_ALIAS(ASN1_TIME_set_string);
author	beck <>	2024-04-08 19:57:40 +0000
committer	beck <>	2024-04-08 19:57:40 +0000
commit	9b894dc1e52d28085c180c2a2584f86b2cc867e0 (patch)
tree	619c34426de3801d9a839cd449bde5dac9c734e7 /src/lib
parent	7c47e205b5035b62d024838e10da7aa8d6858336 (diff)
download	openbsd-9b894dc1e52d28085c180c2a2584f86b2cc867e0.tar.gz openbsd-9b894dc1e52d28085c180c2a2584f86b2cc867e0.tar.bz2 openbsd-9b894dc1e52d28085c180c2a2584f86b2cc867e0.zip

diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c index 986c1e735d..c8eabec08f 100644 --- a/src/lib/libcrypto/asn1/a_time_tm.c +++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_time_tm.c,v 1.33 2024/03/02 09:10:42 tb Exp $ */	1	/* $OpenBSD: a_time_tm.c,v 1.34 2024/04/08 19:57:40 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -160,15 +160,7 @@ tm_to_utctime(struct tm tm, ASN1_TIME atime)
160	ASN1_TIME *	160	ASN1_TIME *
161	tm_to_rfc5280_time(struct tm tm, ASN1_TIME atime)	161	tm_to_rfc5280_time(struct tm tm, ASN1_TIME atime)
162	{	162	{
163	int year;	163	if (tm->tm_year >= 50 && tm->tm_year < 150)
164
165	year = tm->tm_year + 1900;
166	if (year < 1950 \|\| year > 9999) {
167	ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
168	return (NULL);
169	}
170
171	if (year < 2050)
172	return (tm_to_utctime(tm, atime));	164	return (tm_to_utctime(tm, atime));
173		165
174	return (tm_to_gentime(tm, atime));	166	return (tm_to_gentime(tm, atime));
@@ -352,25 +344,21 @@ ASN1_time_parse(const char bytes, size_t len, struct tm tm, int mode)
352	static int	344	static int
353	ASN1_TIME_set_string_internal(ASN1_TIME s, const char str, int mode)	345	ASN1_TIME_set_string_internal(ASN1_TIME s, const char str, int mode)
354	{	346	{
		347	struct tm tm;
355	int type;	348	int type;
356	char *tmp;
357		349
358	if ((type = ASN1_time_parse(str, strlen(str), NULL, mode)) == -1)	350	if ((type = ASN1_time_parse(str, strlen(str), &tm, mode)) == -1)
359	return (0);
360	if (mode != 0 && mode != type)
361	return (0);	351	return (0);
362		352	switch(mode) {
363	if (s == NULL)	353	case V_ASN1_UTCTIME:
364	return (1);	354	return (type == mode && tm_to_utctime(&tm, s) != NULL);
365		355	case V_ASN1_GENERALIZEDTIME:
366	if ((tmp = strdup(str)) == NULL)	356	return (type == mode && tm_to_gentime(&tm, s) != NULL);
		357	case RFC5280:
		358	return (tm_to_rfc5280_time(&tm, s) != NULL);
		359	default:
367	return (0);	360	return (0);
368	free(s->data);	361	}
369	s->data = tmp;
370	s->length = strlen(tmp);
371	s->type = type;
372
373	return (1);
374	}	362	}
375		363
376	static ASN1_TIME *	364	static ASN1_TIME *
@@ -448,7 +436,7 @@ LCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime);
448	int	436	int
449	ASN1_TIME_set_string(ASN1_TIME s, const char str)	437	ASN1_TIME_set_string(ASN1_TIME s, const char str)
450	{	438	{
451	return (ASN1_TIME_set_string_internal(s, str, 0));	439	return (ASN1_TIME_set_string_internal(s, str, RFC5280));
452	}	440	}
453	LCRYPTO_ALIAS(ASN1_TIME_set_string);	441	LCRYPTO_ALIAS(ASN1_TIME_set_string);
454		442