summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1/a_time_tm.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove disgusting NULL checks in tm_to_{gentime,utctime}()tb2024-05-031-7/+1
| | | | | | | | The only caller that could potentially call these with NULL has been fixed. This way an ugly hack that was needed to plug a memory leak can go away and the functions again behave as intended without OpenSSL-style workarounds. ok beck
* Intercept a NULL s early in ASN1_TIME_set_string_internal()tb2024-05-031-1/+6
| | | | | | | | | | If s is NULL, the only thing the tm_to_*() functions do is a check that a GeneralizedTime has a four digit year (between 0000 and 9999) and a UTCTime has a year between 1950 and 2050. These checks are already done in ASN1_TIME_parse() itself: the century is 100 times a two-digit value (or 19 in the UTCTime case) plus another two-digit value. ok beck
* Simplify type handling in ASN1_TIME_set_string_internal()tb2024-05-031-5/+4
| | | | | | | | | ASN1_time_parse() takes a mode argument. If mode != 0, there is a check that mode is the same as the time type returned by asn1_time_parse_cbs() otherwise ASN1_time_parse() fails. Therefore the type == mode checks in ASN1_set_string_internal() are redundant and can be removed. ok beck
* Simplify tm handling in ASN1_time_parse()tb2024-05-031-3/+2
| | | | | | | The CBS version asn1_time_parse_cbs() handles a NULL tm gracefully, so there is no need to avoid it by passing a pointer to a tm on the stack. ok beck
* Remove parentheses after returntb2024-04-111-40/+40
| | | | | This file was very undecided what style to choose and often changed its mind in the middle of a function. No change in the generated assembly.
* Rework internal tm_to_*() converterstb2024-04-111-69/+66
| | | | | | | | | | | | Make them static. Don't make them allocate if passed a NULL ASN1_TIME to avoid leaks. This currently means that we accept a NULL and succeed. That's very ugly but better than what we have now. Simplify ASN1_TIME_set_string_internal() accordingly and allocate an ASN1_TIME at the API boundary of ASN1_TIME_adj_internal() and of ASN1_TIME_to_generalized_time(). ok beck (after a lot of squealing and distress)
* Hide a couple of LCRYPTO_UNUSED in asn1.hbeck2024-04-101-1/+2
| | | | | | and remove the LIBRESSL_INTERNAL guards around them ok tb@
* Plug leaks in ASN1_TIME_set_string_internal()tb2024-04-091-6/+17
| | | | | | | | | | This API can be called with s == NULL, in which case the tm_to_*() functions helpfully allocate a new s and then leak. This is a rather ugly fix to make portable ASAN regress happy again, the better fix will be to rewrite the tm_to_*() functions and adjust their callers. That is more intrusive and will be done in a later pass. ok bcook jsing
* Make ASN1_TIME_set_string_X509 and ASN1_TIME_set_string match the man pagebeck2024-04-081-26/+14
| | | | | | | | | | | This makes it where people can't put dumb values in certs without trying harder, and changes the regress to test this. GENERALIZED times outside of the RFC5280 spec are required for OCSP but these should be constructed with the GENERALIZED time string setters. ok tb@
* Garbage collect ASN1_TIME_set_tm()tb2024-03-021-11/+1
| | | | | | This was a public helper that is no longer used internally either. ok jsing
* Remove beck's ASN.1 time API from public visibilitytb2024-03-021-4/+1
| | | | | | | | | | | | This API was needed since OpenSSL didn't have one. We now have variants of OpenSSL's API and will also expose BoringSSL's complementary API. The users of this API were ported to the OpenSSL variants and some may switch to BoringSSL's in the future. Part of it is still used internally. ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls). This will be fixed in a future bump. ok jsing
* Fix a copy-paste bug in ASN1_TIME_compare()tb2023-10-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste error, we would do ASN1_time_parse(t1->data, t2->length, &tm2, t2->type) Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15), the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1 will already have parsed as a UTCTime, so it will have a Z where there should be the first digit of the seconds for a GeneralizedTime and we will error out. Now if both t1 and t2 have the same type, we will parse t1's data twice and we will return an incorrect comparison. This could have some security impact if anything relied on this function for security purposes. It is unused in our tree and unused in our ports tree ports and the only consumer I could find was some MongoDB things doing OCSP, so this won't be too bad. Then of course there's also the language bindings. Issue reported by Duncan Thomson at esri dot com via libressl-security ok beck deraadt
* Ensure no memory is leaked after passing NULL to ASN1_TIME_normalize()libressl-v3.8.1job2023-08-301-1/+3
| | | | OK tb@
* Unbreak the namespace build after a broken mk.conf and tool misfire hadbeck2023-07-071-3/+1
| | | | | | | | me aliasing symbols not in the headers I was procesing. This unbreaks the namespace build so it will pass again ok tb@
* Hide symbols in asn1 and biobeck2023-07-051-1/+23
| | | | ok jsing@
* Make internal header file names consistenttb2022-11-261-2/+2
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Rename last OPENSSL_gmtime() to asn1_time_time_t_to_tm()tb2022-11-221-2/+2
| | | | | | | This rename was done before commit, but one instance was missed since it was hidden behind #ifdef SMALL_TIME_T. Spotted by Android CI.
* Replace the old OpenSSL julian date stuff with BoringSSL'sbeck2022-11-081-6/+6
| | | | | | | | | | | | OpenSSL dealt with time conversion using a classical julian day scheme. BoringSSL got rid of it and uses only a julian style calculation for seconds since the POSIX time epoch. This changes libressl to use the seconds calculation exculusively instead of a mix of the julian day based conversions and the system time conversions to and from time_t to tm. ok tb@ jsing@
* The OpenSSL API is called ASN1_TIME_set_string_X509() (uppercase x)tb2022-07-041-2/+2
|
* whitespace nittb2022-06-301-2/+2
|
* Refactor asn1 time parsing to use CBS - enforce valid times in ASN.1 parsing.beck2022-06-291-66/+144
| | | | | | | | While we're here enforce valid days for months and leap years. Inspired by same in boringssl. ok jsing@
* Add new time manipulation funcitons that OpenSSL has exposed thatbeck2022-06-271-20/+76
| | | | | | | | the world seems to be using. Symbols.list changes and exposure to wait for minor bump ok jsing@ jca@
* Refactor ASN1_TIME_adj_internal()tb2022-04-281-84/+82
| | | | | | | | | | | | | | | | | | ASN1_TIME_adj_internal() does some strange dances with remembering allocations in a boolean and using strlen(p) to deduce what happened inside *_string_from_tm(). It also (mis)translates a NULL p to an illegal time value error. This can be streamlined by converting directly from a struct tm into an ASN1_TIME and setting the errors when they occur instead of trying to deduce them from a NULL return. This is made a bit uglier than necessary due to the reuse-or-allocate semantics of the public API. At the cost of a little code duplication, ASN1_TIME_adj_internal() becomes very easy and ASN1_TIME_to_generalizedtime() is also simplified somewhat. ok inoguchi jsing
* Fix leak in ASN1_TIME_adj_internal()tb2022-03-311-3/+5
| | | | | | | | | p is allocated by asprintf() in one of the *_from_tm() functions, so it needs to be freed as in the other error path below. CID 346194 ok jsing
* Zap blanks before tabs.tb2021-08-281-4/+4
|
* Remove two reduntat memset calls.tb2020-12-161-2/+1
| | | | pointed out by jsing
* Avoid potential use of uninitialized in ASN1_time_parsetb2020-12-161-4/+3
| | | | | | | | | | | When parsing an UTCTime into a struct tm that wasn't cleared by the caller, the years would be added to the already present value, which could give an incorrect result. This is an issue in ASN1_UTCTIME_cmp_time_t(), which is practically unused. Fix this by always zeroing the passed struct tm. Issue reported by Olivier Taïbi, thanks! ok jsing
* Add const to functions in asn1/asn1.h as they did in OpenSSL.tb2018-04-251-5/+5
| | | | | | | BIO_f_asn1() will be taken care of later. Tested in a bulk by sthen ok bcook jca jsing
* Put the opening curly brace in the right place.jsing2017-08-281-2/+3
|
* Add ability to clamp a notafter to values representable in a 32 bit time_tbeck2017-08-131-1/+17
| | | | | | This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
* Add ASN1_TIME_set_tm to set an asn1 from a struct tm *beck2017-05-061-1/+11
| | | | ok jsing@
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-3/+2
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-041-12/+12
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* make the counter a size_t as well, which quells a warning on visual studio 2015beck2015-12-121-2/+3
| | | | ok bcook@
* Another change that is needed to restore the previous behaviour ofjsing2015-10-221-5/+3
| | | | | | | ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@
* Restore previous behaviour and allowjsing2015-10-221-2/+7
| | | | | | | | ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@
* Stop supporing "legcay" time formats that OpenSSL supports. Rewrite thebeck2015-10-191-140/+322
| | | | | | utctime and gentime wrappers accordingly. Along with some other cleanup. this also removes the need for timegm. ok bcook@ sthen@ jsing@
* Spelling in commentbeck2015-10-081-3/+2
|
* prefer limits.h over sys/limits.hbcook2015-10-061-3/+3
| | | | ok deraadt@
* Make sure dot is not set after tz - fixes incorrect handling, which allowsjsing2015-10-051-2/+2
| | | | | | 20151005171301+1.09Z to be treated as a valid time. ok beck@
* Apply some style(9), tweak a few things for readability and add somejsing2015-10-041-36/+40
| | | | | | additional bounds checks. ok beck@
* Flense the greasy black guts of unreadble string parsing code out of three areasbeck2015-10-021-0/+257
in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 13:14:53 +0000