diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2022-08-11 01:56:52 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2022-08-11 01:56:52 +0000 |
| commit | 63a41f6ebfe91d170456eda64de879a436e47d4e (patch) | |
| tree | aa7f37c65136bdef9d41c141691fe68c2b795362 /usr.bin/ssh/misc.c | |
| parent | a4d82b73705da542a4fe30c3f591e19264e1e386 (diff) | |
allow certificate validity intervals, sshsig verification times and
authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system
time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be
interpreted as UTC if suffixed with a 'Z' character.
Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.
bz3468 ok dtucker
Diffstat (limited to 'usr.bin/ssh/misc.c')
| -rw-r--r-- | usr.bin/ssh/misc.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index a864b87fa5b..f3534e48465 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.176 2022/06/03 04:30:47 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.177 2022/08/11 01:56:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -2299,15 +2299,26 @@ parse_absolute_time(const char *s, uint64_t *tp) struct tm tm; time_t tt; char buf[32], *fmt; + const char *cp; + size_t l; + int is_utc = 0; *tp = 0; + l = strlen(s); + if (l > 1 && strcasecmp(s + l - 1, "Z") == 0) { + is_utc = 1; + l--; + } else if (l > 3 && strcasecmp(s + l - 3, "UTC") == 0) { + is_utc = 1; + l -= 3; + } /* * POSIX strptime says "The application shall ensure that there * is white-space or other non-alphanumeric characters between * any two conversion specifications" so arrange things this way. */ - switch (strlen(s)) { + switch (l) { case 8: /* YYYYMMDD */ fmt = "%Y-%m-%d"; snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6); @@ -2327,10 +2338,15 @@ parse_absolute_time(const char *s, uint64_t *tp) } memset(&tm, 0, sizeof(tm)); - if (strptime(buf, fmt, &tm) == NULL) - return SSH_ERR_INVALID_FORMAT; - if ((tt = mktime(&tm)) < 0) + if ((cp = strptime(buf, fmt, &tm)) == NULL || *cp != '\0') return SSH_ERR_INVALID_FORMAT; + if (is_utc) { + if ((tt = timegm(&tm)) < 0) + return SSH_ERR_INVALID_FORMAT; + } else { + if ((tt = mktime(&tm)) < 0) + return SSH_ERR_INVALID_FORMAT; + } /* success */ *tp = (uint64_t)tt; return 0; |