From b09aa550d3d9af269f9551a5a95a3d8408d9098d Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 18 Dec 2020 21:47:20 +0100 Subject: [PATCH] ASN1_TIME_print() etc.: Improve doc and add comment on handling invalid time input Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13714) --- crypto/asn1/a_time.c | 7 +++---- doc/man3/ASN1_TIME_set.pod | 15 +++++++++------ 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index c34b028eaf..7bd97c6598 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -476,7 +476,9 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) if (!asn1_time_to_tm(&stm, tm)) { /* asn1_time_to_tm will check the time type */ - goto err; + (void)BIO_write(bp, "Bad time value", 14); + return 0; + /* It would have been more consistent to return BIO_write(...) */ } l = tm->length; @@ -509,9 +511,6 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) stm.tm_min, stm.tm_sec, stm.tm_year + 1900, (gmt ? " GMT" : "")) > 0; } - err: - BIO_write(bp, "Bad time value", 14); - return 0; } int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod index b3163ad539..60898e4e0a 100644 --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -102,9 +102,9 @@ functions check the syntax of the time structure I. The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() functions print the time structure I to BIO I in human readable format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example -"Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time -structure has invalid format it prints out "Bad time value" and returns -an error. The output for generalized time may include a fractional part +"Feb 3 00:55:52 2015 GMT", which does not include a newline. +If the time structure has invalid format it prints out "Bad time value" and +returns an error. The output for generalized time may include a fractional part following the second. ASN1_TIME_to_tm() converts the time I to the standard I structure. @@ -181,6 +181,9 @@ ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do not print out the timezone: it either prints out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT anyway. +ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +do not distinguish if they fail because of an I/O error or invalid time format. + Use the ASN1_TIME_normalize() function to normalize the time value before printing to get GMT results. @@ -199,9 +202,9 @@ ASN1_TIME_normalize() returns 1 on success, and 0 on error. ASN1_TIME_check(), ASN1_UTCTIME_check and ASN1_GENERALIZEDTIME_check() return 1 if the structure is syntactically correct and 0 otherwise. -ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() return -1 if the time is successfully printed out and 0 if an error occurred (I/O error -or invalid time format). +ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +return 1 if the time is successfully printed out and +0 if an I/O error occurred an error occurred (I/O error or invalid time format). ASN1_TIME_to_tm() returns 1 if the time is successfully parsed and 0 if an error occurred (invalid time format).