diff options
-rw-r--r-- | lib/libcrypto/asn1/a_time_tm.c | 5 | ||||
-rw-r--r-- | lib/libcrypto/asn1/a_utctm.c | 54 | ||||
-rw-r--r-- | lib/libcrypto/asn1/asn1.h | 5 |
3 files changed, 25 insertions, 39 deletions
diff --git a/lib/libcrypto/asn1/a_time_tm.c b/lib/libcrypto/asn1/a_time_tm.c index ba751736536..53443fa965b 100644 --- a/lib/libcrypto/asn1/a_time_tm.c +++ b/lib/libcrypto/asn1/a_time_tm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_time_tm.c,v 1.4 2015/10/06 12:54:24 bcook Exp $ */ +/* $OpenBSD: a_time_tm.c,v 1.5 2015/10/08 02:26:31 beck Exp $ */ /* * Copyright (c) 2015 Bob Beck <beck@openbsd.org> * @@ -68,8 +68,7 @@ utctime_string_from_tm(struct tm *tm) * 0 if we expect to parse a time as specified in RFC 5280 from an * X509 certificate. * V_ASN1_UTCTIME if we wish to parse a legacy ASN1 UTC time. - * V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1 - * Generalizd time. + * V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1 Generalized time. * * Returns: * -1 if the string was invalid. diff --git a/lib/libcrypto/asn1/a_utctm.c b/lib/libcrypto/asn1/a_utctm.c index c208d494c3a..fa6f40cdc92 100644 --- a/lib/libcrypto/asn1/a_utctm.c +++ b/lib/libcrypto/asn1/a_utctm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_utctm.c,v 1.29 2015/10/02 15:04:45 beck Exp $ */ +/* $OpenBSD: a_utctm.c,v 1.30 2015/10/08 02:26:31 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -151,37 +151,23 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec) int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) { - struct tm *tm; - struct tm data; - int offset; - int year; - -#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') - - if (s->data[12] == 'Z') - offset = 0; - else { - offset = g2(s->data + 13)*60 + g2(s->data + 15); - if (s->data[12] == '-') - offset = -offset; - } - - t -= offset * 60; /* FIXME: may overflow in extreme cases */ - - tm = gmtime_r(&t, &data); - -#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 - year = g2(s->data); - if (year < 50) - year += 100; - return_cmp(year, tm->tm_year); - return_cmp(g2(s->data + 2) - 1, tm->tm_mon); - return_cmp(g2(s->data + 4), tm->tm_mday); - return_cmp(g2(s->data + 6), tm->tm_hour); - return_cmp(g2(s->data + 8), tm->tm_min); - return_cmp(g2(s->data + 10), tm->tm_sec); -#undef g2 -#undef return_cmp - - return 0; + struct tm tm1; + time_t time1; + + /* + * This funciton has never handled failure conditions properly + * and should be deprecated. BoringSSL makes it return -2 on + * failures, the OpenSSL version follows NULL pointers instead. + */ + if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1) + return (-2); /* XXX */ + + if ((time1 = timegm(&tm1)) == -1) + return (-2); /* XXX */ + + if (time1 < t) + return (-1); + if (time1 > t) + return (1); + return (0); } diff --git a/lib/libcrypto/asn1/asn1.h b/lib/libcrypto/asn1/asn1.h index 3fb4b8fbf17..c0d0f9288fe 100644 --- a/lib/libcrypto/asn1/asn1.h +++ b/lib/libcrypto/asn1/asn1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1.h,v 1.30 2015/09/30 19:13:13 jsing Exp $ */ +/* $OpenBSD: asn1.h,v 1.31 2015/10/08 02:26:31 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -812,8 +812,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +#ifndef LIBRESSL_INTERNAL int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); - +#endif int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t); |