From 3a6c6bb62f6a38d2bc68b62b05a058d563919aff Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 13 Nov 2023 10:56:19 +0000
Subject: Remove last caller of ASN1_time_parse(3) in libtls

This one is slightly annoying since ASN1_TIME_to_tm(3) doesn't provide a
direct check for a GeneralizedTime, so call ASN1_GENERALIZEDTIME_check()
as well. This means LibreSSL parses the time twice. Shrug.

ok beck
---
 src/lib/libtls/tls_ocsp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index acf6935a52..c7eb3e5986 100644
--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls_ocsp.c,v 1.23 2023/05/14 07:26:25 op Exp $ */
+/*	$OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */
 /*
  * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
  * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@@ -64,8 +64,9 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t
 	if (gt == NULL)
 		return -1;
 	/* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */
-	if (ASN1_time_parse(gt->data, gt->length, &tm,
-		V_ASN1_GENERALIZEDTIME) == -1)
+	if (!ASN1_GENERALIZEDTIME_check(gt))
+		return -1;
+	if (!ASN1_TIME_to_tm(gt, &tm))
 		return -1;
 	if ((*gt_time = timegm(&tm)) == -1)
 		return -1;
-- 
cgit v1.2.3-55-g6feb