author | Tobias Brunner <tobias@strongswan.org> | 2011-12-23 18:01:31 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2011-12-23 18:07:39 +0100 |
commit | e86b685da500f58caf1a59dceee0a2c91be275d6 (patch) | |
tree | 89068040d4740ed250dc78193e1a50254ab5c32c | |
parent | f4095fdc8a22e44d2574d05f6059ed53471dee31 (diff) | |
Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.
-rw-r--r-- | src/libstrongswan/asn1/asn1.c | 9 | ||||
-rw-r--r-- | src/libstrongswan/asn1/asn1.h | 5 | ||||
-rw-r--r-- | src/libstrongswan/crypto/pkcs7.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.c | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_crl.c | 6 |
6 files changed, 16 insertions, 14 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 6ce818f0d..149784057 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -426,9 +426,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
 /**
 * Convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format
 */
-chunk_t asn1_from_time(const time_t *time)
+chunk_t asn1_from_time(const time_t *time, asn1_t type)
 {
- asn1_t type;
 int offset;
 const char *format;
 char buf[BUF_LEN];
@@ -437,8 +436,10 @@ chunk_t asn1_from_time(const time_t *time)
 gmtime_r(time, &t);
 /* RFC 5280 says that dates through the year 2049 MUST be encoded as UTCTIME
- * and dates in 2050 or later MUST be encoded as GENERALIZEDTIME */
- type = (t.tm_year < 150) ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME;
+ * and dates in 2050 or later MUST be encoded as GENERALIZEDTIME. We only
+ * enforce the latter to avoid overflows but allow callers to force the
+ * encoding to GENERALIZEDTIME */
+ type = (t.tm_year >= 150) ? ASN1_GENERALIZEDTIME : type;
 if (type == ASN1_GENERALIZEDTIME)
 {
 format = "%04d%02d%02d%02d%02d%02dZ";
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index d5468a430..15ffff62e 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -191,12 +191,13 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type);
 /**
 * Converts time_t to an ASN.1 UTCTIME or GENERALIZEDTIME string
 *
- * The type is automatically chosen based on the encoded year.
+ * @note The type is automatically changed to GENERALIZEDTIME if needed
 *
 * @param time time_t in UTC
+ * @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME
 * @return body of an ASN.1 code time object
 */
-chunk_t asn1_from_time(const time_t *time);
+chunk_t asn1_from_time(const time_t *time, asn1_t type);
 /**
 * Parse an ASN.1 UTCTIME or GENERALIZEDTIME object
diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c
index 578021aa4..a4d0e71fe 100644
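Review bot: In src/libstrongswan/asn1/asn1.c the rewritten selection `type = (t.tm_year >= 150) ? ASN1_GENERALIZEDTIME : type;` guards only the upper end of the UTCTIME range. RFC 5280 reads a two-digit year of 50 or more as 19YY, so a date before 1950 cannot be expressed as UTCTIME either and would presumably decode as a different year; extending the condition to `(t.tm_year >= 150 || t.tm_year < 50)` covers both ends. The caller-supplied `type` is also not checked against the two documented values, so anything other than ASN1_GENERALIZEDTIME takes the branch after `if (type == ASN1_GENERALIZEDTIME)`, which lies outside the hunk; normalising it first with `if (type != ASN1_GENERALIZEDTIME) type = ASN1_UTCTIME;` would keep a stray tag value from reaching the encoder. The body of asn1_from_time continues past the end of the hunk.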
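Review bot: The new `@note` in src/libstrongswan/asn1/asn1.h says the type is changed "if needed" without stating the condition, and the interface does not tell callers which value a standards-conformant encoder has to pass. Suggest `@note For dates in 2050 or later GENERALIZEDTIME is used regardless of the requested type` and, on the parameter, `@param type ASN1_UTCTIME, or ASN1_GENERALIZEDTIME to force that encoding for earlier dates too`. Since RFC 5280 requires UTCTIME through 2049 for certificate and CRL fields, the doc comment should also state that forcing GENERALIZEDTIME is meant only for structures that mandate it.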
--- a/src/libstrongswan/crypto/pkcs7.c
+++ b/src/libstrongswan/crypto/pkcs7.c
@@ -825,7 +825,7 @@ METHOD(pkcs7_t, build_signedData, bool,
 /* take the current time as signingTime */
 time_t now = time(NULL);
- chunk_t signingTime = asn1_from_time(&now);
+ chunk_t signingTime = asn1_from_time(&now, ASN1_UTCTIME);
 chunk_t messageDigest, attributes;
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 7492aeb68..a2cb589e0 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -527,8 +527,8 @@ static chunk_t build_v2_form(private_x509_ac_t *this)
 static chunk_t build_attr_cert_validity(private_x509_ac_t *this)
 {
 return asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_from_time(&this->notBefore),
- asn1_from_time(&this->notAfter));
+ asn1_from_time(&this->notBefore, ASN1_GENERALIZEDTIME),
+ asn1_from_time(&this->notAfter, ASN1_GENERALIZEDTIME));
 }
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 25646a7c2..f828c923a 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -2316,8 +2316,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
 asn1_algorithmIdentifier(cert->algorithm),
 issuer->get_encoding(issuer),
 asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_from_time(&cert->notBefore),
- asn1_from_time(&cert->notAfter)),
+ asn1_from_time(&cert->notBefore, ASN1_UTCTIME),
+ asn1_from_time(&cert->notAfter, ASN1_UTCTIME)),
 subject->get_encoding(subject), key_info, extensions);
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index f40141338..7bcca16a3 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
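Review bot: In src/libstrongswan/plugins/x509/x509_ac.c, build_attr_cert_validity now forces ASN1_GENERALIZEDTIME with no comment explaining why this call site differs from the certificate and CRL encoders, which pass ASN1_UTCTIME. The attribute certificate profile (RFC 5755) defines notBeforeTime and notAfterTime as GeneralizedTime, which is presumably the reason for the change. A one-line comment above the return, e.g. `/* AttCertValidityPeriod uses GeneralizedTime for both fields, independent of the year */`, would keep a later cleanup from reverting these calls to UTCTIME and producing encodings that strict verifiers reject.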
@@ -736,7 +736,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert,
 }
 revoked = asn1_wrap(ASN1_SEQUENCE, "mmm",
 asn1_integer("c", serial),
- asn1_from_time(&date),
+ asn1_from_time(&date, ASN1_UTCTIME),
 entry_ext);
 certList = chunk_cat("mm", certList, revoked);
 }
@@ -773,8 +773,8 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert,
 ASN1_INTEGER_1,
 asn1_algorithmIdentifier(this->algorithm),
 this->issuer->get_encoding(this->issuer),
- asn1_from_time(&this->thisUpdate),
- asn1_from_time(&this->nextUpdate),
+ asn1_from_time(&this->thisUpdate, ASN1_UTCTIME),
+ asn1_from_time(&this->nextUpdate, ASN1_UTCTIME),
 asn1_wrap(ASN1_SEQUENCE, "m", certList), extensions); |