diff options
Diffstat (limited to 'src/lib/libcrypto/ocsp/ocsp_cl.c')
| -rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_cl.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c index 86baed8724..40417973f5 100644 --- a/src/lib/libcrypto/ocsp/ocsp_cl.c +++ b/src/lib/libcrypto/ocsp/ocsp_cl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ocsp_cl.c,v 1.11 2016/07/16 16:14:28 beck Exp $ */ | 1 | /* $OpenBSD: ocsp_cl.c,v 1.12 2016/11/04 18:07:23 beck Exp $ */ |
| 2 | /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL | 2 | /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL |
| 3 | * project. */ | 3 | * project. */ |
| 4 | 4 | ||
| @@ -71,9 +71,6 @@ | |||
| 71 | #include <openssl/x509.h> | 71 | #include <openssl/x509.h> |
| 72 | #include <openssl/x509v3.h> | 72 | #include <openssl/x509v3.h> |
| 73 | 73 | ||
| 74 | int asn1_time_parse(const char *, size_t, struct tm *, int); | ||
| 75 | int asn1_tm_cmp(struct tm *, struct tm *); | ||
| 76 | |||
| 77 | /* Utility functions related to sending OCSP requests and extracting | 74 | /* Utility functions related to sending OCSP requests and extracting |
| 78 | * relevant information from the response. | 75 | * relevant information from the response. |
| 79 | */ | 76 | */ |
| @@ -342,7 +339,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, | |||
| 342 | */ | 339 | */ |
| 343 | 340 | ||
| 344 | /* Check thisUpdate is valid and not more than nsec in the future */ | 341 | /* Check thisUpdate is valid and not more than nsec in the future */ |
| 345 | if (asn1_time_parse(thisupd->data, thisupd->length, &tm_this, | 342 | if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this, |
| 346 | V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) { | 343 | V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) { |
| 347 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, | 344 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, |
| 348 | OCSP_R_ERROR_IN_THISUPDATE_FIELD); | 345 | OCSP_R_ERROR_IN_THISUPDATE_FIELD); |
| @@ -351,7 +348,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, | |||
| 351 | t_tmp = t_now + nsec; | 348 | t_tmp = t_now + nsec; |
| 352 | if (gmtime_r(&t_tmp, &tm_tmp) == NULL) | 349 | if (gmtime_r(&t_tmp, &tm_tmp) == NULL) |
| 353 | return 0; | 350 | return 0; |
| 354 | if (asn1_tm_cmp(&tm_this, &tm_tmp) > 0) { | 351 | if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) { |
| 355 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, | 352 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, |
| 356 | OCSP_R_STATUS_NOT_YET_VALID); | 353 | OCSP_R_STATUS_NOT_YET_VALID); |
| 357 | return 0; | 354 | return 0; |
| @@ -365,7 +362,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, | |||
| 365 | t_tmp = t_now - maxsec; | 362 | t_tmp = t_now - maxsec; |
| 366 | if (gmtime_r(&t_tmp, &tm_tmp) == NULL) | 363 | if (gmtime_r(&t_tmp, &tm_tmp) == NULL) |
| 367 | return 0; | 364 | return 0; |
| 368 | if (asn1_tm_cmp(&tm_this, &tm_tmp) < 0) { | 365 | if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) { |
| 369 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, | 366 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, |
| 370 | OCSP_R_STATUS_TOO_OLD); | 367 | OCSP_R_STATUS_TOO_OLD); |
| 371 | return 0; | 368 | return 0; |
| @@ -377,7 +374,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, | |||
| 377 | return 1; | 374 | return 1; |
| 378 | 375 | ||
| 379 | /* Check nextUpdate is valid and not more than nsec in the past */ | 376 | /* Check nextUpdate is valid and not more than nsec in the past */ |
| 380 | if (asn1_time_parse(nextupd->data, nextupd->length, &tm_next, | 377 | if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next, |
| 381 | V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) { | 378 | V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) { |
| 382 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, | 379 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, |
| 383 | OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); | 380 | OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); |
| @@ -386,7 +383,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, | |||
| 386 | t_tmp = t_now - nsec; | 383 | t_tmp = t_now - nsec; |
| 387 | if (gmtime_r(&t_tmp, &tm_tmp) == NULL) | 384 | if (gmtime_r(&t_tmp, &tm_tmp) == NULL) |
| 388 | return 0; | 385 | return 0; |
| 389 | if (asn1_tm_cmp(&tm_next, &tm_tmp) < 0) { | 386 | if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) { |
| 390 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, | 387 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, |
| 391 | OCSP_R_STATUS_EXPIRED); | 388 | OCSP_R_STATUS_EXPIRED); |
| 392 | return 0; | 389 | return 0; |
| @@ -394,7 +391,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, | |||
| 394 | } | 391 | } |
| 395 | 392 | ||
| 396 | /* Also don't allow nextUpdate to precede thisUpdate */ | 393 | /* Also don't allow nextUpdate to precede thisUpdate */ |
| 397 | if (asn1_tm_cmp(&tm_next, &tm_this) < 0) { | 394 | if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) { |
| 398 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, | 395 | OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, |
| 399 | OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); | 396 | OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); |
| 400 | return 0; | 397 | return 0; |