From e6f9ae68c1ebd92612d86753622e39a6c6eeb114 Mon Sep 17 00:00:00 2001
From: cameronrich
Date: Thu, 14 Nov 2013 18:34:36 +0000
Subject: [PATCH] added generalized time for certificates
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@232 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/asn1.c | 72 ++++++++++++++++++++++++++++++++++-------------
 ssl/crypto_misc.h | 1 +
 2 files changed, 54 insertions(+), 19 deletions(-)
diff --git a/ssl/asn1.c b/ssl/asn1.c
index b082275b2..4e468755d 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -205,30 +205,64 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
 */
 static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
 {
- int ret = X509_NOT_OK, len, t_offset;
+ int ret = X509_NOT_OK, len, t_offset, abs_year;
 struct tm tm;
- if (buf[(*offset)++] != ASN1_UTC_TIME)
- goto end_utc_time;
-
- len = get_asn1_length(buf, offset);
- t_offset = *offset;
-
- memset(&tm, 0, sizeof(struct tm));
- tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
-
- if (tm.tm_year <= 50) /* 1951-2050 thing */
+ /* see http://tools.ietf.org/html/rfc5280#section-4.1.2.5 */
+ if (buf[*offset] == ASN1_UTC_TIME)
 {
- tm.tm_year += 100;
+ (*offset)++;
+
+ len = get_asn1_length(buf, offset);
+ t_offset = *offset;
+
+ memset(&tm, 0, sizeof(struct tm));
+ tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
+
+ if (tm.tm_year <= 50) /* 1951-2050 thing */
+ {
+ tm.tm_year += 100;
+ }
+
+ tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
+ tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+ *t = mktime(&tm);
+ *offset += len;
+ ret = X509_OK;
+ }
+ else if (buf[*offset] == ASN1_GENERALIZED_TIME)
+ {
+ (*offset)++;
+
+ len = get_asn1_length(buf, offset);
+ t_offset = *offset;
+
+ memset(&tm, 0, sizeof(struct tm));
+ abs_year = ((buf[t_offset] - '0')*1000 +
+ (buf[t_offset+1] - '0')*100 + (buf[t_offset+2] - '0')*10 +
+ (buf[t_offset+3] - '0'));
+
+ if (abs_year <= 1901)
+ {
+ tm.tm_year = 1;
+ tm.tm_mon = 0;
+ tm.tm_mday = 1;
+ }
+ else
+ {
+ tm.tm_year = abs_year - 1900;
+ tm.tm_mon = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0') - 1;
+ tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+ tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+ tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
+ tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
+ *t = mktime(&tm);
+ }
+
+ *offset += len;
+ ret = X509_OK;
 }
- tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
- tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
- *t = mktime(&tm);
- *offset += len;
- ret = X509_OK;
-
-end_utc_time:
 return ret;
 }
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 1fd514eeb..9bbc8e5ca 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -112,6 +112,7 @@ const char * x509_display_error(int error);
 #define ASN1_TELETEX_STR 0x14
 #define ASN1_IA5_STR 0x16
 #define ASN1_UTC_TIME 0x17
+#define ASN1_GENERALIZED_TIME 0x18
 #define ASN1_UNICODE_STR 0x1e
 #define ASN1_SEQUENCE 0x30
 #define ASN1_CONTEXT_DNSNAME 0x82
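Review bot: In the new ASN1_GENERALIZED_TIME branch of asn1_get_utc_time(), `*t` is assigned only inside the `else`, so for `abs_year <= 1901` the function returns X509_OK without ever writing `*t` and the caller's validity comparison runs on whatever the variable held before; move `*t = mktime(&tm);` below the if/else so both paths set it. The same branch indexes `buf[t_offset]` through `buf[t_offset+13]` without consulting `len`, so a time field that declares fewer than 14 bytes has the bytes of the next element read as digits, and possibly bytes beyond the buffer if the field sits at its tail (the function receives no buffer length, so that cannot be ruled out from this hunk). A guard such as `if (len < 14) return X509_NOT_OK;` directly after `get_asn1_length()` covers it, and the UTC branch, which reads six bytes, wants the equivalent check with 6. Neither branch verifies that the bytes are ASCII digits or that `mktime()` did not return -1, which is worth rejecting as well because certificate bytes are untrusted input.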