authorbeck <>2024-04-08 19:57:40 +0000
committerbeck <>2024-04-08 19:57:40 +0000
commit9b894dc1e52d28085c180c2a2584f86b2cc867e0 (patch)
tree619c34426de3801d9a839cd449bde5dac9c734e7 /src/regress/lib
parent7c47e205b5035b62d024838e10da7aa8d6858336 (diff)
Make ASN1_TIME_set_string_X509 and ASN1_TIME_set_string match the man page
This makes it where people can't put dumb values in certs without trying harder, and changes the regress to test this. GENERALIZED times outside of the RFC5280 spec are required for OCSP but these should be constructed with the GENERALIZED time string setters. ok tb@
Diffstat (limited to 'src/regress/lib')
-rw-r--r--src/regress/lib/libcrypto/asn1/asn1time.c50
-rw-r--r--src/regress/lib/libcrypto/asn1/rfc5280time.c9
2 files changed, 46 insertions, 13 deletions
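--- a/src/regress/lib/libcrypto/asn1/asn1time.c
+++ b/src/regress/lib/libcrypto/asn1/asn1time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1time.c,v 1.25 2024/02/18 22:17:01 tb Exp $ */
+/* $OpenBSD: asn1time.c,v 1.26 2024/04/08 19:57:40 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2024 Google Inc.
@@ -420,6 +420,7 @@ static int
 asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
 {
  ASN1_TIME *t = NULL, *tx509 = NULL;
+ char *parsed_time = NULL;
  int failure = 1;
 
  if (ASN1_TIME_set_string(NULL, att->str) != 1) {
@@ -434,9 +435,27 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
  if ((tx509 = ASN1_TIME_new()) == NULL)
  goto done;
 
- if (ASN1_TIME_set_string(t, att->str) != 1) {
- fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n",
- test_no, att->str);
+ switch (strlen(att->str)) {
+ case 13:
+ t->type = V_ASN1_UTCTIME;
+ if (ASN1_UTCTIME_set_string(t, att->str) != 1) {
+ fprintf(stderr, "FAIL: test %d - failed to set utc "
+ "string '%s'\n",
+ test_no, att->str);
+ goto done;
+ }
+ break;
+ case 15:
+ t->type = V_ASN1_GENERALIZEDTIME;
+ if (ASN1_GENERALIZEDTIME_set_string(t, att->str) != 1) {
+ fprintf(stderr, "FAIL: test %d - failed to set gen "
+ "string '%s'\n",
+ test_no, att->str);
+ goto done;
+ }
+ break;
+ default:
+ fprintf(stderr, "FAIL: unknown type\n");
  goto done;
  }
 
@@ -446,13 +465,33 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
  goto done;
  }
 
+ if ((parsed_time = strdup(t->data)) == NULL)
+ goto done;
+
  if (ASN1_TIME_normalize(t) != 1) {
  fprintf(stderr, "FAIL: test %d - failed to set normalize '%s'\n",
  test_no, att->str);
  goto done;
  }
 
- if (ASN1_TIME_set_string_X509(tx509, t->data) != 1) {
+ if (ASN1_TIME_set_string_X509(tx509, parsed_time) != 1) {
+ fprintf(stderr, "FAIL: test %d - failed to set string X509 '%s'\n",
+ test_no, t->data);
+ goto done;
+ }
+
+ if (t->type != tx509->type) {
+ fprintf(stderr, "FAIL: test %d - type %d, different from %d\n",
+ test_no, t->type, tx509->type);
+ goto done;
+ }
+
+ if (ASN1_TIME_compare(t, tx509) != 0) {
+ fprintf(stderr, "FAIL: ASN1_TIME values differ!\n");
+ goto done;
+ }
+
+ if (ASN1_TIME_set_string(tx509, parsed_time) != 1) {
  fprintf(stderr, "FAIL: test %d - failed to set string X509 '%s'\n",
  test_no, t->data);
  goto done;
@@ -476,6 +515,7 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
 
  ASN1_TIME_free(t);
  ASN1_TIME_free(tx509);
+ free(parsed_time);
 
  return (failure);
 }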
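Review bot: In the hunk at new lines 477-497, both failure messages print `t->data` as it stands after ASN1_TIME_normalize(), although the string handed to the setters is `parsed_time`. The ASN1_TIME_set_string() call at line 494 also reuses the text "failed to set string X509", so a failing run cannot tell which setter rejected which input. I would report the input that was actually passed and name the function, e.g. `"FAIL: test %d - failed to set string '%s'\n", test_no, parsed_time` for the second call. The `strdup(t->data)` at line 468 assumes the ASN1_STRING buffer is NUL-terminated and fails without any message; `strndup((const char *)t->data, t->length)` would bound the copy by the recorded length. The body of asn1_time_test starts and continues outside these hunks.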
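--- a/src/regress/lib/libcrypto/asn1/rfc5280time.c
+++ b/src/regress/lib/libcrypto/asn1/rfc5280time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rfc5280time.c,v 1.7 2022/09/05 21:12:08 tb Exp $ */
+/* $OpenBSD: rfc5280time.c,v 1.8 2024/04/08 19:57:40 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@opebsd.org>
@@ -234,13 +234,6 @@ rfc5280_invtime_test(int test_no, struct rfc5280_time_test *att)
  goto done;
  }
  }
- if (ASN1_TIME_set_string(t, att->str) != 0) {
- if (X509_cmp_time(t, &now) != 0) {
- fprintf(stderr, "FAIL: test %d - successfully parsed as UTCTIME "
- "string '%s'\n", test_no, att->str);
- goto done;
- }
- }
 
  failure = 0;
 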