summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libcrypto/asn1/a_time_tm.c5
-rw-r--r--lib/libcrypto/asn1/a_utctm.c54
-rw-r--r--lib/libcrypto/asn1/asn1.h5
3 files changed, 25 insertions, 39 deletions
diff --git a/lib/libcrypto/asn1/a_time_tm.c b/lib/libcrypto/asn1/a_time_tm.c
index ba751736536..53443fa965b 100644
--- a/lib/libcrypto/asn1/a_time_tm.c
+++ b/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.4 2015/10/06 12:54:24 bcook Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.5 2015/10/08 02:26:31 beck Exp $ */
/*
* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
*
@@ -68,8 +68,7 @@ utctime_string_from_tm(struct tm *tm)
* 0 if we expect to parse a time as specified in RFC 5280 from an
* X509 certificate.
* V_ASN1_UTCTIME if we wish to parse a legacy ASN1 UTC time.
- * V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1
- * Generalizd time.
+ * V_ASN1_GENERALIZEDTIME if we wish to parse a legacy ASN1 Generalized time.
*
* Returns:
* -1 if the string was invalid.
diff --git a/lib/libcrypto/asn1/a_utctm.c b/lib/libcrypto/asn1/a_utctm.c
index c208d494c3a..fa6f40cdc92 100644
--- a/lib/libcrypto/asn1/a_utctm.c
+++ b/lib/libcrypto/asn1/a_utctm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_utctm.c,v 1.29 2015/10/02 15:04:45 beck Exp $ */
+/* $OpenBSD: a_utctm.c,v 1.30 2015/10/08 02:26:31 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -151,37 +151,23 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
int
ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
{
- struct tm *tm;
- struct tm data;
- int offset;
- int year;
-
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
-
- if (s->data[12] == 'Z')
- offset = 0;
- else {
- offset = g2(s->data + 13)*60 + g2(s->data + 15);
- if (s->data[12] == '-')
- offset = -offset;
- }
-
- t -= offset * 60; /* FIXME: may overflow in extreme cases */
-
- tm = gmtime_r(&t, &data);
-
-#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
- year = g2(s->data);
- if (year < 50)
- year += 100;
- return_cmp(year, tm->tm_year);
- return_cmp(g2(s->data + 2) - 1, tm->tm_mon);
- return_cmp(g2(s->data + 4), tm->tm_mday);
- return_cmp(g2(s->data + 6), tm->tm_hour);
- return_cmp(g2(s->data + 8), tm->tm_min);
- return_cmp(g2(s->data + 10), tm->tm_sec);
-#undef g2
-#undef return_cmp
-
- return 0;
+ struct tm tm1;
+ time_t time1;
+
+ /*
+ * This funciton has never handled failure conditions properly
+ * and should be deprecated. BoringSSL makes it return -2 on
+ * failures, the OpenSSL version follows NULL pointers instead.
+ */
+ if (asn1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
+ return (-2); /* XXX */
+
+ if ((time1 = timegm(&tm1)) == -1)
+ return (-2); /* XXX */
+
+ if (time1 < t)
+ return (-1);
+ if (time1 > t)
+ return (1);
+ return (0);
}
diff --git a/lib/libcrypto/asn1/asn1.h b/lib/libcrypto/asn1/asn1.h
index 3fb4b8fbf17..c0d0f9288fe 100644
--- a/lib/libcrypto/asn1/asn1.h
+++ b/lib/libcrypto/asn1/asn1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.30 2015/09/30 19:13:13 jsing Exp $ */
+/* $OpenBSD: asn1.h,v 1.31 2015/10/08 02:26:31 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -812,8 +812,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
int offset_day, long offset_sec);
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+#ifndef LIBRESSL_INTERNAL
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
-
+#endif
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
time_t t);