2 files changed, 48 insertions, 48 deletions
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
index b0f023c9d2..235c0a8476 100644
--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -953,8 +953,9 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
        time_t time_sec = (time_t) sec;
        struct tm *tm = NULL;   
        char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
-        char *p = genTime_str;
+        char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2];
-        char *p_end = genTime_str + sizeof(genTime_str);
+        char *p;
+        int rv;
        if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
                goto err;
@@ -970,18 +971,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
         * meet the rfc3161 requirement: "GeneralizedTime syntax can include 
         * fraction-of-second details". 
         */                   
-        p += BIO_snprintf(p, p_end - p,
+        if (precision > 0) {
-                          "%04d%02d%02d%02d%02d%02d",
-                          tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
-                          tm->tm_hour, tm->tm_min, tm->tm_sec);
-        if (precision > 0)
-        {
-                /* Add fraction of seconds (leave space for dot and null). */
-                BIO_snprintf(p, 2 + precision, ".%ld", usec);
-                /* We cannot use the snprintf return value, 
-                   because it might have been truncated. */
-                p += strlen(p);
                /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
                   the following restrictions for a DER-encoding, which OpenSSL
                   (specifically ASN1_GENERALIZEDTIME_check() function) doesn't 
@@ -993,16 +983,26 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
                   if the elements correspond to 0, they MUST be wholly
                   omitted, and the decimal point element also MUST be
                   omitted." */
-                /* Remove trailing zeros. The dot guarantees the exit
+                (void)snprintf(usecstr, sizeof(usecstr), ".%ld", usec);
-                   condition of this loop even if all the digits are zero. */
+                /* truncate and trim trailing 0 */
-                while (*--p == '0')
+                usecstr[precision + 1] = '\0';
-                        /* empty */;
+                p = usecstr + strlen(usecstr) - 1;
-                /* p points to either the dot or the last non-zero digit. */
+                while (p > usecstr && *p == '0')
-                if (*p != '.') ++p;
+                        *p-- = '\0';
-                }
+                /* if we've reached the beginning, delete the . too */
-        /* Add the trailing Z and the terminating null. */
+                if (p == usecstr)
-        *p++ = 'Z';
+                        *p = '\0';
-        *p++ = '\0';
+        } else {
+                /* empty */
+                usecstr[0] = '\0';
+        }
+        rv = snprintf(genTime_str, sizeof(genTime_str),
+            "%04d%02d%02d%02d%02d%02d%sZ",
+            tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
+            tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr);
+        if (rv == -1 || rv >= sizeof(genTime_str))
+                goto err;
        /* Now call OpenSSL to check and set our genTime value */
        if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))
diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
index b0f023c9d2..235c0a8476 100644
--- a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
+++ b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
@@ -953,8 +953,9 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
        time_t time_sec = (time_t) sec;
        struct tm *tm = NULL;   
        char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
-        char *p = genTime_str;
+        char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2];
-        char *p_end = genTime_str + sizeof(genTime_str);
+        char *p;
+        int rv;
        if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
                goto err;
@@ -970,18 +971,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
         * meet the rfc3161 requirement: "GeneralizedTime syntax can include 
         * fraction-of-second details". 
         */                   
-        p += BIO_snprintf(p, p_end - p,
+        if (precision > 0) {
-                          "%04d%02d%02d%02d%02d%02d",
-                          tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
-                          tm->tm_hour, tm->tm_min, tm->tm_sec);
-        if (precision > 0)
-        {
-                /* Add fraction of seconds (leave space for dot and null). */
-                BIO_snprintf(p, 2 + precision, ".%ld", usec);
-                /* We cannot use the snprintf return value, 
-                   because it might have been truncated. */
-                p += strlen(p);
                /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
                   the following restrictions for a DER-encoding, which OpenSSL
                   (specifically ASN1_GENERALIZEDTIME_check() function) doesn't 
@@ -993,16 +983,26 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
                   if the elements correspond to 0, they MUST be wholly
                   omitted, and the decimal point element also MUST be
                   omitted." */
-                /* Remove trailing zeros. The dot guarantees the exit
+                (void)snprintf(usecstr, sizeof(usecstr), ".%ld", usec);
-                   condition of this loop even if all the digits are zero. */
+                /* truncate and trim trailing 0 */
-                while (*--p == '0')
+                usecstr[precision + 1] = '\0';
-                        /* empty */;
+                p = usecstr + strlen(usecstr) - 1;
-                /* p points to either the dot or the last non-zero digit. */
+                while (p > usecstr && *p == '0')
-                if (*p != '.') ++p;
+                        *p-- = '\0';
-                }
+                /* if we've reached the beginning, delete the . too */
-        /* Add the trailing Z and the terminating null. */
+                if (p == usecstr)
-        *p++ = 'Z';
+                        *p = '\0';
-        *p++ = '\0';
+        } else {
+                /* empty */
+                usecstr[0] = '\0';
+        }
+        rv = snprintf(genTime_str, sizeof(genTime_str),
+            "%04d%02d%02d%02d%02d%02d%sZ",
+            tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
+            tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr);
+        if (rv == -1 || rv >= sizeof(genTime_str))
+                goto err;
        /* Now call OpenSSL to check and set our genTime value */
        if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))

diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c index b0f023c9d2..235c0a8476 100644 --- a/src/lib/libcrypto/ts/ts_rsp_sign.c +++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -953,8 +953,9 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
953	time_t time_sec = (time_t) sec;	953	time_t time_sec = (time_t) sec;
954	struct tm *tm = NULL;	954	struct tm *tm = NULL;
955	char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];	955	char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
956	char *p = genTime_str;	956	char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2];
957	char *p_end = genTime_str + sizeof(genTime_str);	957	char *p;
		958	int rv;
958		959
959	if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)	960	if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
960	goto err;	961	goto err;
@@ -970,18 +971,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
970	* meet the rfc3161 requirement: "GeneralizedTime syntax can include	971	* meet the rfc3161 requirement: "GeneralizedTime syntax can include
971	* fraction-of-second details".	972	* fraction-of-second details".
972	*/	973	*/
973	p += BIO_snprintf(p, p_end - p,	974	if (precision > 0) {
974	"%04d%02d%02d%02d%02d%02d",
975	tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
976	tm->tm_hour, tm->tm_min, tm->tm_sec);
977	if (precision > 0)
978	{
979	/* Add fraction of seconds (leave space for dot and null). */
980	BIO_snprintf(p, 2 + precision, ".%ld", usec);
981	/* We cannot use the snprintf return value,
982	because it might have been truncated. */
983	p += strlen(p);
984
985	/* To make things a bit harder, X.690 \| ISO/IEC 8825-1 provides	975	/* To make things a bit harder, X.690 \| ISO/IEC 8825-1 provides
986	the following restrictions for a DER-encoding, which OpenSSL	976	the following restrictions for a DER-encoding, which OpenSSL
987	(specifically ASN1_GENERALIZEDTIME_check() function) doesn't	977	(specifically ASN1_GENERALIZEDTIME_check() function) doesn't
@@ -993,16 +983,26 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
993	if the elements correspond to 0, they MUST be wholly	983	if the elements correspond to 0, they MUST be wholly
994	omitted, and the decimal point element also MUST be	984	omitted, and the decimal point element also MUST be
995	omitted." */	985	omitted." */
996	/* Remove trailing zeros. The dot guarantees the exit	986	(void)snprintf(usecstr, sizeof(usecstr), ".%ld", usec);
997	condition of this loop even if all the digits are zero. */	987	/* truncate and trim trailing 0 */
998	while (*--p == '0')	988	usecstr[precision + 1] = '\0';
999	/* empty */;	989	p = usecstr + strlen(usecstr) - 1;
1000	/* p points to either the dot or the last non-zero digit. */	990	while (p > usecstr && *p == '0')
1001	if (*p != '.') ++p;	991	*p-- = '\0';
1002	}	992	/* if we've reached the beginning, delete the . too */
1003	/* Add the trailing Z and the terminating null. */	993	if (p == usecstr)
1004	*p++ = 'Z';	994	*p = '\0';
1005	*p++ = '\0';	995
		996	} else {
		997	/* empty */
		998	usecstr[0] = '\0';
		999	}
		1000	rv = snprintf(genTime_str, sizeof(genTime_str),
		1001	"%04d%02d%02d%02d%02d%02d%sZ",
		1002	tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
		1003	tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr);
		1004	if (rv == -1 \|\| rv >= sizeof(genTime_str))
		1005	goto err;
1006		1006
1007	/* Now call OpenSSL to check and set our genTime value */	1007	/* Now call OpenSSL to check and set our genTime value */
1008	if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))	1008	if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))


diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c index b0f023c9d2..235c0a8476 100644 --- a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c +++ b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
@@ -953,8 +953,9 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
953	time_t time_sec = (time_t) sec;	953	time_t time_sec = (time_t) sec;
954	struct tm *tm = NULL;	954	struct tm *tm = NULL;
955	char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];	955	char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
956	char *p = genTime_str;	956	char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2];
957	char *p_end = genTime_str + sizeof(genTime_str);	957	char *p;
		958	int rv;
958		959
959	if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)	960	if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
960	goto err;	961	goto err;
@@ -970,18 +971,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
970	* meet the rfc3161 requirement: "GeneralizedTime syntax can include	971	* meet the rfc3161 requirement: "GeneralizedTime syntax can include
971	* fraction-of-second details".	972	* fraction-of-second details".
972	*/	973	*/
973	p += BIO_snprintf(p, p_end - p,	974	if (precision > 0) {
974	"%04d%02d%02d%02d%02d%02d",
975	tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
976	tm->tm_hour, tm->tm_min, tm->tm_sec);
977	if (precision > 0)
978	{
979	/* Add fraction of seconds (leave space for dot and null). */
980	BIO_snprintf(p, 2 + precision, ".%ld", usec);
981	/* We cannot use the snprintf return value,
982	because it might have been truncated. */
983	p += strlen(p);
984
985	/* To make things a bit harder, X.690 \| ISO/IEC 8825-1 provides	975	/* To make things a bit harder, X.690 \| ISO/IEC 8825-1 provides
986	the following restrictions for a DER-encoding, which OpenSSL	976	the following restrictions for a DER-encoding, which OpenSSL
987	(specifically ASN1_GENERALIZEDTIME_check() function) doesn't	977	(specifically ASN1_GENERALIZEDTIME_check() function) doesn't
@@ -993,16 +983,26 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
993	if the elements correspond to 0, they MUST be wholly	983	if the elements correspond to 0, they MUST be wholly
994	omitted, and the decimal point element also MUST be	984	omitted, and the decimal point element also MUST be
995	omitted." */	985	omitted." */
996	/* Remove trailing zeros. The dot guarantees the exit	986	(void)snprintf(usecstr, sizeof(usecstr), ".%ld", usec);
997	condition of this loop even if all the digits are zero. */	987	/* truncate and trim trailing 0 */
998	while (*--p == '0')	988	usecstr[precision + 1] = '\0';
999	/* empty */;	989	p = usecstr + strlen(usecstr) - 1;
1000	/* p points to either the dot or the last non-zero digit. */	990	while (p > usecstr && *p == '0')
1001	if (*p != '.') ++p;	991	*p-- = '\0';
1002	}	992	/* if we've reached the beginning, delete the . too */
1003	/* Add the trailing Z and the terminating null. */	993	if (p == usecstr)
1004	*p++ = 'Z';	994	*p = '\0';
1005	*p++ = '\0';	995
		996	} else {
		997	/* empty */
		998	usecstr[0] = '\0';
		999	}
		1000	rv = snprintf(genTime_str, sizeof(genTime_str),
		1001	"%04d%02d%02d%02d%02d%02d%sZ",
		1002	tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
		1003	tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr);
		1004	if (rv == -1 \|\| rv >= sizeof(genTime_str))
		1005	goto err;
1006		1006
1007	/* Now call OpenSSL to check and set our genTime value */	1007	/* Now call OpenSSL to check and set our genTime value */
1008	if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))	1008	if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))