3 files changed, 60 insertions, 39 deletions
diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c
index 986c1e735d..c8eabec08f 100644
--- a/src/lib/libcrypto/asn1/a_time_tm.c
+++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.33 2024/03/02 09:10:42 tb Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.34 2024/04/08 19:57:40 beck Exp $ */
 /*
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
@@ -160,15 +160,7 @@ tm_to_utctime(struct tm *tm, ASN1_TIME *atime)
 ASN1_TIME *
 tm_to_rfc5280_time(struct tm *tm, ASN1_TIME *atime)
 {
-        int year;
+        if (tm->tm_year >= 50 && tm->tm_year < 150)
-        year = tm->tm_year + 1900;
-        if (year < 1950 || year > 9999) {
-                ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
-                return (NULL);
-        }
-        if (year < 2050)
                return (tm_to_utctime(tm, atime));
        return (tm_to_gentime(tm, atime));
@@ -352,25 +344,21 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
 static int
 ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode)
 {
+        struct tm tm;
        int type;
-        char *tmp;
-        if ((type = ASN1_time_parse(str, strlen(str), NULL, mode)) == -1)
+        if ((type = ASN1_time_parse(str, strlen(str), &tm, mode)) == -1)
-                return (0);
-        if (mode != 0 && mode != type)
                return (0);
+        switch(mode) {
-        if (s == NULL)
+        case V_ASN1_UTCTIME:
-                return (1);
+                return (type == mode && tm_to_utctime(&tm, s) != NULL);
+        case V_ASN1_GENERALIZEDTIME:
-        if ((tmp = strdup(str)) == NULL)
+                return (type == mode && tm_to_gentime(&tm, s) != NULL);
+        case RFC5280:
+                return (tm_to_rfc5280_time(&tm, s) != NULL);
+        default:
                return (0);
-        free(s->data);
+        }
-        s->data = tmp;
-        s->length = strlen(tmp);
-        s->type = type;
-        return (1);
 }
 static ASN1_TIME *
@@ -448,7 +436,7 @@ LCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime);
 int
 ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
 {
-        return (ASN1_TIME_set_string_internal(s, str, 0));
+        return (ASN1_TIME_set_string_internal(s, str, RFC5280));
 }
 LCRYPTO_ALIAS(ASN1_TIME_set_string);
diff --git a/src/regress/lib/libcrypto/asn1/asn1time.c b/src/regress/lib/libcrypto/asn1/asn1time.c
index 8208fcd1c0..7cc6df8a1a 100644
--- a/src/regress/lib/libcrypto/asn1/asn1time.c
+++ b/src/regress/lib/libcrypto/asn1/asn1time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1time.c,v 1.25 2024/02/18 22:17:01 tb Exp $ */
+/* $OpenBSD: asn1time.c,v 1.26 2024/04/08 19:57:40 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2024 Google Inc.
@@ -420,6 +420,7 @@ static int
 asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
 {
        ASN1_TIME *t = NULL, *tx509 = NULL;
+        char *parsed_time = NULL;
        int failure = 1;
        if (ASN1_TIME_set_string(NULL, att->str) != 1) {
@@ -434,9 +435,27 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
        if ((tx509 = ASN1_TIME_new()) == NULL)
                goto done;
-        if (ASN1_TIME_set_string(t, att->str) != 1) {
+        switch (strlen(att->str)) {
-                fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n",
+        case 13:
-                    test_no, att->str);
+                t->type = V_ASN1_UTCTIME;
+                if (ASN1_UTCTIME_set_string(t, att->str) != 1) {
+                        fprintf(stderr, "FAIL: test %d - failed to set utc "
+                            "string '%s'\n",
+                            test_no, att->str);
+                        goto done;
+                }
+                break;
+        case 15:
+                t->type = V_ASN1_GENERALIZEDTIME;
+                if (ASN1_GENERALIZEDTIME_set_string(t, att->str) != 1) {
+                        fprintf(stderr, "FAIL: test %d - failed to set gen "
+                            "string '%s'\n",
+                            test_no, att->str);
+                        goto done;
+                }
+                break;
+        default:
+                fprintf(stderr, "FAIL: unknown type\n");
                goto done;
        }
@@ -446,13 +465,33 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
                goto done;
        }
+        if ((parsed_time = strdup(t->data)) == NULL)
+                goto done;
        if (ASN1_TIME_normalize(t) != 1) {
                fprintf(stderr, "FAIL: test %d - failed to set normalize '%s'\n",
                    test_no, att->str);
                goto done;
        }
-        if (ASN1_TIME_set_string_X509(tx509, t->data) != 1) {
+        if (ASN1_TIME_set_string_X509(tx509, parsed_time) != 1) {
+                fprintf(stderr, "FAIL: test %d - failed to set string X509 '%s'\n",
+                    test_no, t->data);
+                goto done;
+        }
+        if (t->type != tx509->type) {
+                fprintf(stderr, "FAIL: test %d - type %d, different from %d\n",
+                    test_no, t->type, tx509->type);
+                goto done;
+        }
+        if (ASN1_TIME_compare(t, tx509) != 0) {
+                fprintf(stderr, "FAIL: ASN1_TIME values differ!\n");
+                goto done;
+        }
+        if (ASN1_TIME_set_string(tx509, parsed_time) != 1) {
                fprintf(stderr, "FAIL: test %d - failed to set string X509 '%s'\n",
                    test_no, t->data);
                goto done;
@@ -476,6 +515,7 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
        ASN1_TIME_free(t);
        ASN1_TIME_free(tx509);
+        free(parsed_time);
        return (failure);
 }
diff --git a/src/regress/lib/libcrypto/asn1/rfc5280time.c b/src/regress/lib/libcrypto/asn1/rfc5280time.c
index 7a44a30e88..c57cac1463 100644
--- a/src/regress/lib/libcrypto/asn1/rfc5280time.c
+++ b/src/regress/lib/libcrypto/asn1/rfc5280time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rfc5280time.c,v 1.7 2022/09/05 21:12:08 tb Exp $ */
+/* $OpenBSD: rfc5280time.c,v 1.8 2024/04/08 19:57:40 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@opebsd.org>
@@ -234,13 +234,6 @@ rfc5280_invtime_test(int test_no, struct rfc5280_time_test *att)
                        goto done;
                }
        }
-        if (ASN1_TIME_set_string(t, att->str) != 0) {
-                if (X509_cmp_time(t, &now) != 0) {
-                        fprintf(stderr, "FAIL: test %d - successfully parsed as UTCTIME "
-                            "string '%s'\n", test_no, att->str);
-                        goto done;
-                }
-        }
        failure = 0;

diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c index 986c1e735d..c8eabec08f 100644 --- a/src/lib/libcrypto/asn1/a_time_tm.c +++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: a_time_tm.c,v 1.33 2024/03/02 09:10:42 tb Exp $ */	1	/* $OpenBSD: a_time_tm.c,v 1.34 2024/04/08 19:57:40 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -160,15 +160,7 @@ tm_to_utctime(struct tm tm, ASN1_TIME atime)
160	ASN1_TIME *	160	ASN1_TIME *
161	tm_to_rfc5280_time(struct tm tm, ASN1_TIME atime)	161	tm_to_rfc5280_time(struct tm tm, ASN1_TIME atime)
162	{	162	{
163	int year;	163	if (tm->tm_year >= 50 && tm->tm_year < 150)
164
165	year = tm->tm_year + 1900;
166	if (year < 1950 \|\| year > 9999) {
167	ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
168	return (NULL);
169	}
170
171	if (year < 2050)
172	return (tm_to_utctime(tm, atime));	164	return (tm_to_utctime(tm, atime));
173		165
174	return (tm_to_gentime(tm, atime));	166	return (tm_to_gentime(tm, atime));
@@ -352,25 +344,21 @@ ASN1_time_parse(const char bytes, size_t len, struct tm tm, int mode)
352	static int	344	static int
353	ASN1_TIME_set_string_internal(ASN1_TIME s, const char str, int mode)	345	ASN1_TIME_set_string_internal(ASN1_TIME s, const char str, int mode)
354	{	346	{
		347	struct tm tm;
355	int type;	348	int type;
356	char *tmp;
357		349
358	if ((type = ASN1_time_parse(str, strlen(str), NULL, mode)) == -1)	350	if ((type = ASN1_time_parse(str, strlen(str), &tm, mode)) == -1)
359	return (0);
360	if (mode != 0 && mode != type)
361	return (0);	351	return (0);
362		352	switch(mode) {
363	if (s == NULL)	353	case V_ASN1_UTCTIME:
364	return (1);	354	return (type == mode && tm_to_utctime(&tm, s) != NULL);
365		355	case V_ASN1_GENERALIZEDTIME:
366	if ((tmp = strdup(str)) == NULL)	356	return (type == mode && tm_to_gentime(&tm, s) != NULL);
		357	case RFC5280:
		358	return (tm_to_rfc5280_time(&tm, s) != NULL);
		359	default:
367	return (0);	360	return (0);
368	free(s->data);	361	}
369	s->data = tmp;
370	s->length = strlen(tmp);
371	s->type = type;
372
373	return (1);
374	}	362	}
375		363
376	static ASN1_TIME *	364	static ASN1_TIME *
@@ -448,7 +436,7 @@ LCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime);
448	int	436	int
449	ASN1_TIME_set_string(ASN1_TIME s, const char str)	437	ASN1_TIME_set_string(ASN1_TIME s, const char str)
450	{	438	{
451	return (ASN1_TIME_set_string_internal(s, str, 0));	439	return (ASN1_TIME_set_string_internal(s, str, RFC5280));
452	}	440	}
453	LCRYPTO_ALIAS(ASN1_TIME_set_string);	441	LCRYPTO_ALIAS(ASN1_TIME_set_string);
454		442


diff --git a/src/regress/lib/libcrypto/asn1/asn1time.c b/src/regress/lib/libcrypto/asn1/asn1time.c index 8208fcd1c0..7cc6df8a1a 100644 --- a/src/regress/lib/libcrypto/asn1/asn1time.c +++ b/src/regress/lib/libcrypto/asn1/asn1time.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: asn1time.c,v 1.25 2024/02/18 22:17:01 tb Exp $ */	1	/* $OpenBSD: asn1time.c,v 1.26 2024/04/08 19:57:40 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2024 Google Inc.	4	* Copyright (c) 2024 Google Inc.
@@ -420,6 +420,7 @@ static int
420	asn1_time_test(int test_no, const struct asn1_time_test *att, int type)	420	asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
421	{	421	{
422	ASN1_TIME t = NULL, tx509 = NULL;	422	ASN1_TIME t = NULL, tx509 = NULL;
		423	char *parsed_time = NULL;
423	int failure = 1;	424	int failure = 1;
424		425
425	if (ASN1_TIME_set_string(NULL, att->str) != 1) {	426	if (ASN1_TIME_set_string(NULL, att->str) != 1) {
@@ -434,9 +435,27 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
434	if ((tx509 = ASN1_TIME_new()) == NULL)	435	if ((tx509 = ASN1_TIME_new()) == NULL)
435	goto done;	436	goto done;
436		437
437	if (ASN1_TIME_set_string(t, att->str) != 1) {	438	switch (strlen(att->str)) {
438	fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n",	439	case 13:
439	test_no, att->str);	440	t->type = V_ASN1_UTCTIME;
		441	if (ASN1_UTCTIME_set_string(t, att->str) != 1) {
		442	fprintf(stderr, "FAIL: test %d - failed to set utc "
		443	"string '%s'\n",
		444	test_no, att->str);
		445	goto done;
		446	}
		447	break;
		448	case 15:
		449	t->type = V_ASN1_GENERALIZEDTIME;
		450	if (ASN1_GENERALIZEDTIME_set_string(t, att->str) != 1) {
		451	fprintf(stderr, "FAIL: test %d - failed to set gen "
		452	"string '%s'\n",
		453	test_no, att->str);
		454	goto done;
		455	}
		456	break;
		457	default:
		458	fprintf(stderr, "FAIL: unknown type\n");
440	goto done;	459	goto done;
441	}	460	}
442		461
@@ -446,13 +465,33 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
446	goto done;	465	goto done;
447	}	466	}
448		467
		468	if ((parsed_time = strdup(t->data)) == NULL)
		469	goto done;
		470
449	if (ASN1_TIME_normalize(t) != 1) {	471	if (ASN1_TIME_normalize(t) != 1) {
450	fprintf(stderr, "FAIL: test %d - failed to set normalize '%s'\n",	472	fprintf(stderr, "FAIL: test %d - failed to set normalize '%s'\n",
451	test_no, att->str);	473	test_no, att->str);
452	goto done;	474	goto done;
453	}	475	}
454		476
455	if (ASN1_TIME_set_string_X509(tx509, t->data) != 1) {	477	if (ASN1_TIME_set_string_X509(tx509, parsed_time) != 1) {
		478	fprintf(stderr, "FAIL: test %d - failed to set string X509 '%s'\n",
		479	test_no, t->data);
		480	goto done;
		481	}
		482
		483	if (t->type != tx509->type) {
		484	fprintf(stderr, "FAIL: test %d - type %d, different from %d\n",
		485	test_no, t->type, tx509->type);
		486	goto done;
		487	}
		488
		489	if (ASN1_TIME_compare(t, tx509) != 0) {
		490	fprintf(stderr, "FAIL: ASN1_TIME values differ!\n");
		491	goto done;
		492	}
		493
		494	if (ASN1_TIME_set_string(tx509, parsed_time) != 1) {
456	fprintf(stderr, "FAIL: test %d - failed to set string X509 '%s'\n",	495	fprintf(stderr, "FAIL: test %d - failed to set string X509 '%s'\n",
457	test_no, t->data);	496	test_no, t->data);
458	goto done;	497	goto done;
@@ -476,6 +515,7 @@ asn1_time_test(int test_no, const struct asn1_time_test *att, int type)
476		515
477	ASN1_TIME_free(t);	516	ASN1_TIME_free(t);
478	ASN1_TIME_free(tx509);	517	ASN1_TIME_free(tx509);
		518	free(parsed_time);
479		519
480	return (failure);	520	return (failure);
481	}	521	}


diff --git a/src/regress/lib/libcrypto/asn1/rfc5280time.c b/src/regress/lib/libcrypto/asn1/rfc5280time.c index 7a44a30e88..c57cac1463 100644 --- a/src/regress/lib/libcrypto/asn1/rfc5280time.c +++ b/src/regress/lib/libcrypto/asn1/rfc5280time.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rfc5280time.c,v 1.7 2022/09/05 21:12:08 tb Exp $ */	1	/* $OpenBSD: rfc5280time.c,v 1.8 2024/04/08 19:57:40 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2015 Bob Beck <beck@opebsd.org>	4	* Copyright (c) 2015 Bob Beck <beck@opebsd.org>
@@ -234,13 +234,6 @@ rfc5280_invtime_test(int test_no, struct rfc5280_time_test *att)
234	goto done;	234	goto done;
235	}	235	}
236	}	236	}
237	if (ASN1_TIME_set_string(t, att->str) != 0) {
238	if (X509_cmp_time(t, &now) != 0) {
239	fprintf(stderr, "FAIL: test %d - successfully parsed as UTCTIME "
240	"string '%s'\n", test_no, att->str);
241	goto done;
242	}
243	}
244		237
245	failure = 0;	238	failure = 0;
246		239