summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/ts/ts_rsp_sign.c47
-rw-r--r--src/lib/libssl/src/crypto/ts/ts_rsp_sign.c47
2 files changed, 42 insertions, 52 deletions
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
index a6ce1796c6..b0f023c9d2 100644
--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -953,8 +953,8 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
953 time_t time_sec = (time_t) sec; 953 time_t time_sec = (time_t) sec;
954 struct tm *tm = NULL; 954 struct tm *tm = NULL;
955 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; 955 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
956 char *p; 956 char *p = genTime_str;
957 int rv; 957 char *p_end = genTime_str + sizeof(genTime_str);
958 958
959 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) 959 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
960 goto err; 960 goto err;
@@ -970,13 +970,18 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
970 * meet the rfc3161 requirement: "GeneralizedTime syntax can include 970 * meet the rfc3161 requirement: "GeneralizedTime syntax can include
971 * fraction-of-second details". 971 * fraction-of-second details".
972 */ 972 */
973 if (precision > 0) { 973 p += BIO_snprintf(p, p_end - p,
974 rv = snprintf(genTime_str, sizeof(genTime_str), 974 "%04d%02d%02d%02d%02d%02d",
975 "%04d%02d%02d%02d%02d%02d.%ldZ",
976 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 975 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
977 tm->tm_hour, tm->tm_min, tm->tm_sec, usec); 976 tm->tm_hour, tm->tm_min, tm->tm_sec);
978 if (rv == -1 || rv >= sizeof(genTime_str)) 977 if (precision > 0)
979 goto err; 978 {
979 /* Add fraction of seconds (leave space for dot and null). */
980 BIO_snprintf(p, 2 + precision, ".%ld", usec);
981 /* We cannot use the snprintf return value,
982 because it might have been truncated. */
983 p += strlen(p);
984
980 /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides 985 /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
981 the following restrictions for a DER-encoding, which OpenSSL 986 the following restrictions for a DER-encoding, which OpenSSL
982 (specifically ASN1_GENERALIZEDTIME_check() function) doesn't 987 (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
@@ -990,24 +995,14 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
990 omitted." */ 995 omitted." */
991 /* Remove trailing zeros. The dot guarantees the exit 996 /* Remove trailing zeros. The dot guarantees the exit
992 condition of this loop even if all the digits are zero. */ 997 condition of this loop even if all the digits are zero. */
993 p = strchr(genTime_str, 'Z'); 998 while (*--p == '0')
994 p--; /* move back in front of Z */ 999 /* empty */;
995 /* pass over 0s */ 1000 /* p points to either the dot or the last non-zero digit. */
996 while (*p == '0') 1001 if (*p != '.') ++p;
997 p--; 1002 }
998 /* if we're not at . we're at an interesting digit */ 1003 /* Add the trailing Z and the terminating null. */
999 if (*p != '.') 1004 *p++ = 'Z';
1000 p++; 1005 *p++ = '\0';
1001 *p++ = 'Z';
1002 *p = 0;
1003 } else {
1004 rv = snprintf(genTime_str, sizeof(genTime_str),
1005 "%04d%02d%02d%02d%02d%02dZ",
1006 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
1007 tm->tm_hour, tm->tm_min, tm->tm_sec);
1008 if (rv == -1 || rv >= sizeof(genTime_str))
1009 goto err;
1010 }
1011 1006
1012 /* Now call OpenSSL to check and set our genTime value */ 1007 /* Now call OpenSSL to check and set our genTime value */
1013 if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) 1008 if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))
diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
index a6ce1796c6..b0f023c9d2 100644
--- a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
+++ b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
@@ -953,8 +953,8 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
953 time_t time_sec = (time_t) sec; 953 time_t time_sec = (time_t) sec;
954 struct tm *tm = NULL; 954 struct tm *tm = NULL;
955 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; 955 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
956 char *p; 956 char *p = genTime_str;
957 int rv; 957 char *p_end = genTime_str + sizeof(genTime_str);
958 958
959 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) 959 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
960 goto err; 960 goto err;
@@ -970,13 +970,18 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
970 * meet the rfc3161 requirement: "GeneralizedTime syntax can include 970 * meet the rfc3161 requirement: "GeneralizedTime syntax can include
971 * fraction-of-second details". 971 * fraction-of-second details".
972 */ 972 */
973 if (precision > 0) { 973 p += BIO_snprintf(p, p_end - p,
974 rv = snprintf(genTime_str, sizeof(genTime_str), 974 "%04d%02d%02d%02d%02d%02d",
975 "%04d%02d%02d%02d%02d%02d.%ldZ",
976 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 975 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
977 tm->tm_hour, tm->tm_min, tm->tm_sec, usec); 976 tm->tm_hour, tm->tm_min, tm->tm_sec);
978 if (rv == -1 || rv >= sizeof(genTime_str)) 977 if (precision > 0)
979 goto err; 978 {
979 /* Add fraction of seconds (leave space for dot and null). */
980 BIO_snprintf(p, 2 + precision, ".%ld", usec);
981 /* We cannot use the snprintf return value,
982 because it might have been truncated. */
983 p += strlen(p);
984
980 /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides 985 /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
981 the following restrictions for a DER-encoding, which OpenSSL 986 the following restrictions for a DER-encoding, which OpenSSL
982 (specifically ASN1_GENERALIZEDTIME_check() function) doesn't 987 (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
@@ -990,24 +995,14 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
990 omitted." */ 995 omitted." */
991 /* Remove trailing zeros. The dot guarantees the exit 996 /* Remove trailing zeros. The dot guarantees the exit
992 condition of this loop even if all the digits are zero. */ 997 condition of this loop even if all the digits are zero. */
993 p = strchr(genTime_str, 'Z'); 998 while (*--p == '0')
994 p--; /* move back in front of Z */ 999 /* empty */;
995 /* pass over 0s */ 1000 /* p points to either the dot or the last non-zero digit. */
996 while (*p == '0') 1001 if (*p != '.') ++p;
997 p--; 1002 }
998 /* if we're not at . we're at an interesting digit */ 1003 /* Add the trailing Z and the terminating null. */
999 if (*p != '.') 1004 *p++ = 'Z';
1000 p++; 1005 *p++ = '\0';
1001 *p++ = 'Z';
1002 *p = 0;
1003 } else {
1004 rv = snprintf(genTime_str, sizeof(genTime_str),
1005 "%04d%02d%02d%02d%02d%02dZ",
1006 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
1007 tm->tm_hour, tm->tm_min, tm->tm_sec);
1008 if (rv == -1 || rv >= sizeof(genTime_str))
1009 goto err;
1010 }
1011 1006
1012 /* Now call OpenSSL to check and set our genTime value */ 1007 /* Now call OpenSSL to check and set our genTime value */
1013 if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) 1008 if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-07 10:34:57 +0000