From ba8e28248f37d0b77742f9f200fcdf8d54d7d8b4 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 20 Jan 2001 13:38:45 +0000 Subject: [PATCH] Fix to stop X509_time_adj() using GeneralizedTime. --- CHANGES | 9 +++++++++ crypto/x509/x509_vfy.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index f548204e3..f5d92ae11 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,15 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). + Previously it initialised the 'type' argument to V_ASN1_UTCTIME which + effectively meant GeneralizedTime would never be used. Now it + is initialised to -1 but X509_time_adj() now has to check the value + and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or + V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime. + [Steve Henson, reported by Kenneth R. Robinette + ] + *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously result in a zero length in the ASN1_INTEGER structure which was not consistent with the structure when d2i_ASN1_INTEGER() was used diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 32515cbcc..73eecd6ee 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -645,14 +645,16 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) { time_t t; + int type = -1; if (in_tm) t = *in_tm; else time(&t); t+=adj; - if (!s) return ASN1_TIME_set(s, t); - if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); - return ASN1_GENERALIZEDTIME_set(s, t); + if (s) type = s->type; + if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); + if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); + return ASN1_TIME_set(s, t); } int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)