From: Dr. David von Oheimb Date: Fri, 18 Dec 2020 20:47:20 +0000 (+0100) Subject: ASN1_TIME_print() etc.: Improve doc and add comment on handling invalid time input X-Git-Tag: openssl-3.0.0-alpha11~69 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b09aa550d3d9af269f9551a5a95a3d8408d9098d;p=thirdparty%2Fopenssl.git ASN1_TIME_print() etc.: Improve doc and add comment on handling invalid time input Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13714) --- diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index c34b028eafd..7bd97c65986 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -476,7 +476,9 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) if (!asn1_time_to_tm(&stm, tm)) { /* asn1_time_to_tm will check the time type */ - goto err; + (void)BIO_write(bp, "Bad time value", 14); + return 0; + /* It would have been more consistent to return BIO_write(...) */ } l = tm->length; @@ -509,9 +511,6 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) stm.tm_min, stm.tm_sec, stm.tm_year + 1900, (gmt ? " GMT" : "")) > 0; } - err: - BIO_write(bp, "Bad time value", 14); - return 0; } int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod index b3163ad5395..60898e4e0a3 100644 --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -102,9 +102,9 @@ functions check the syntax of the time structure I. The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() functions print the time structure I to BIO I in human readable format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example -"Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time -structure has invalid format it prints out "Bad time value" and returns -an error. The output for generalized time may include a fractional part +"Feb 3 00:55:52 2015 GMT", which does not include a newline. +If the time structure has invalid format it prints out "Bad time value" and +returns an error. The output for generalized time may include a fractional part following the second. ASN1_TIME_to_tm() converts the time I to the standard I structure. @@ -181,6 +181,9 @@ ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do not print out the timezone: it either prints out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT anyway. +ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +do not distinguish if they fail because of an I/O error or invalid time format. + Use the ASN1_TIME_normalize() function to normalize the time value before printing to get GMT results. @@ -199,9 +202,9 @@ ASN1_TIME_normalize() returns 1 on success, and 0 on error. ASN1_TIME_check(), ASN1_UTCTIME_check and ASN1_GENERALIZEDTIME_check() return 1 if the structure is syntactically correct and 0 otherwise. -ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() return -1 if the time is successfully printed out and 0 if an error occurred (I/O error -or invalid time format). +ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +return 1 if the time is successfully printed out and +0 if an I/O error occurred an error occurred (I/O error or invalid time format). ASN1_TIME_to_tm() returns 1 if the time is successfully parsed and 0 if an error occurred (invalid time format).