From: Dr. Stephen Henson Date: Fri, 24 Jan 2003 01:12:01 +0000 (+0000) Subject: Check return value of gmtime() and add error codes X-Git-Tag: BEN_FIPS_TEST_1~38^2~364 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d3b5cb5343afa4e4ae64bee4621171e6b00aaa21;p=thirdparty%2Fopenssl.git Check return value of gmtime() and add error codes where it fails in ASN1_TIME_set(). Edit asn1.h so the new error code is the same in 0.9.7 and 0.9.8, rebuild new error codes. Clear error queue in req.c if *_min or *_max is absent. --- diff --git a/CHANGES b/CHANGES index 2fd057c41e..aa9a7ae8d1 100644 --- a/CHANGES +++ b/CHANGES @@ -381,6 +381,10 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Under Win32 gmtime() can return NULL: check return value in + OPENSSL_gmtime(). Add error code for case where gmtime() fails. + [Steve Henson] + *) DSA routines: under certain error conditions uninitialized BN objects could be freed. Solution: make sure initialization is performed early enough. (Reported and fix supplied by Ivan D Nestlerode , diff --git a/apps/req.c b/apps/req.c index 4fa5ae6fe8..3612114980 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1318,11 +1318,17 @@ start: for (;;) sprintf(buf,"%s_min",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) + { + ERR_clear_error(); n_min = -1; + } sprintf(buf,"%s_max",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) + { + ERR_clear_error(); n_max = -1; + } if (!add_DN_object(subj,v->value,def,value,nid, n_min,n_max, chtype)) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 3a03c9e4e4..7348da9457 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) ts=OPENSSL_gmtime(&t,&data); if (ts == NULL) + { + ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); return NULL; + } if((ts->tm_year >= 50) && (ts->tm_year < 150)) return ASN1_UTCTIME_set(s, t); return ASN1_GENERALIZEDTIME_set(s,t); diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 460e0eb6e7..0eb97fa62e 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -965,8 +965,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_A2I_ASN1_ENUMERATED 101 #define ASN1_F_A2I_ASN1_INTEGER 102 #define ASN1_F_A2I_ASN1_STRING 103 -#define ASN1_F_APPEND_TAG 177 -#define ASN1_F_ASN1_CB 178 +#define ASN1_F_APPEND_TAG 176 +#define ASN1_F_ASN1_CB 177 #define ASN1_F_ASN1_CHECK_TLEN 104 #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 #define ASN1_F_ASN1_COLLECT 106 @@ -977,7 +977,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_DUP 111 #define ASN1_F_ASN1_ENUMERATED_SET 112 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 -#define ASN1_F_ASN1_GENERATE_V3 182 +#define ASN1_F_ASN1_GENERATE_V3 178 #define ASN1_F_ASN1_GET_OBJECT 114 #define ASN1_F_ASN1_HEADER_NEW 115 #define ASN1_F_ASN1_I2D_BIO 116 @@ -999,6 +999,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_TEMPLATE_D2I 131 #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 #define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TIME_SET 175 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 @@ -1028,15 +1029,14 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_X509_PKEY 159 #define ASN1_F_I2D_ASN1_TIME 160 #define ASN1_F_I2D_DSA_PUBKEY 161 -#define ASN1_F_I2D_ECDSA_PUBKEY 174 -#define ASN1_F_I2D_EC_PUBKEY 176 +#define ASN1_F_I2D_EC_PUBKEY 181 #define ASN1_F_I2D_NETSCAPE_RSA 162 #define ASN1_F_I2D_PRIVATEKEY 163 #define ASN1_F_I2D_PUBLICKEY 164 #define ASN1_F_I2D_RSA_PUBKEY 165 #define ASN1_F_LONG_C2I 166 -#define ASN1_F_OID_MODULE_INIT 175 -#define ASN1_F_PARSE_TAGGING 181 +#define ASN1_F_OID_MODULE_INIT 174 +#define ASN1_F_PARSE_TAGGING 182 #define ASN1_F_PKCS5_PBE2_SET 167 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 @@ -1059,8 +1059,9 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_DATA_IS_WRONG 109 #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 -#define ASN1_R_DEPTH_EXCEEDED 173 +#define ASN1_R_DEPTH_EXCEEDED 174 #define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 #define ASN1_R_ERROR_LOADING_SECTION 172 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 @@ -1073,57 +1074,57 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_FIELD_MISSING 121 #define ASN1_R_FIRST_NUM_TOO_LARGE 122 #define ASN1_R_HEADER_TOO_LONG 123 -#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 174 -#define ASN1_R_ILLEGAL_BOOLEAN 175 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +#define ASN1_R_ILLEGAL_BOOLEAN 176 #define ASN1_R_ILLEGAL_CHARACTERS 124 -#define ASN1_R_ILLEGAL_FORMAT 176 -#define ASN1_R_ILLEGAL_HEX 177 -#define ASN1_R_ILLEGAL_IMPLICIT_TAG 178 -#define ASN1_R_ILLEGAL_INTEGER 179 -#define ASN1_R_ILLEGAL_NESTED_TAGGING 180 +#define ASN1_R_ILLEGAL_FORMAT 177 +#define ASN1_R_ILLEGAL_HEX 178 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +#define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 #define ASN1_R_ILLEGAL_NULL 125 -#define ASN1_R_ILLEGAL_NULL_VALUE 181 -#define ASN1_R_ILLEGAL_OBJECT 182 +#define ASN1_R_ILLEGAL_NULL_VALUE 182 +#define ASN1_R_ILLEGAL_OBJECT 183 #define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 #define ASN1_R_ILLEGAL_TAGGED_ANY 127 -#define ASN1_R_ILLEGAL_TIME_VALUE 183 -#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 184 +#define ASN1_R_ILLEGAL_TIME_VALUE 184 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 -#define ASN1_R_INVALID_MODIFIER 185 -#define ASN1_R_INVALID_NUMBER 186 +#define ASN1_R_INVALID_MODIFIER 186 +#define ASN1_R_INVALID_NUMBER 187 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 #define ASN1_R_INVALID_UTF8STRING 134 #define ASN1_R_IV_TOO_LARGE 135 #define ASN1_R_LENGTH_ERROR 136 -#define ASN1_R_LIST_ERROR 187 +#define ASN1_R_LIST_ERROR 188 #define ASN1_R_MISSING_EOC 137 #define ASN1_R_MISSING_SECOND_NUMBER 138 -#define ASN1_R_MISSING_VALUE 188 +#define ASN1_R_MISSING_VALUE 189 #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 #define ASN1_R_MSTRING_WRONG_TAG 140 #define ASN1_R_NON_HEX_CHARACTERS 141 -#define ASN1_R_NOT_ASCII_FORMAT 189 +#define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 #define ASN1_R_NULL_IS_WRONG_LENGTH 144 -#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 190 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 #define ASN1_R_ODD_NUMBER_OF_CHARS 145 #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 #define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 -#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 195 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 #define ASN1_R_SHORT_LINE 150 #define ASN1_R_STRING_TOO_LONG 151 #define ASN1_R_STRING_TOO_SHORT 152 #define ASN1_R_TAG_VALUE_TOO_HIGH 153 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 -#define ASN1_R_TIME_NOT_ASCII_FORMAT 191 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 #define ASN1_R_TOO_LONG 155 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 @@ -1133,13 +1134,13 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 -#define ASN1_R_UNKNOWN_TAG 192 -#define ASN1_R_UNKOWN_FORMAT 193 +#define ASN1_R_UNKNOWN_TAG 194 +#define ASN1_R_UNKOWN_FORMAT 195 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 #define ASN1_R_UNSUPPORTED_CIPHER 165 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 -#define ASN1_R_UNSUPPORTED_TYPE 194 +#define ASN1_R_UNSUPPORTED_TYPE 196 #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 55aef5e790..d83ed65cdb 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -104,6 +104,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, +{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, @@ -133,7 +134,6 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, -{ERR_PACK(0,ASN1_F_I2D_ECDSA_PUBKEY,0), "I2D_ECDSA_PUBKEY"}, {ERR_PACK(0,ASN1_F_I2D_EC_PUBKEY,0), "i2d_EC_PUBKEY"}, {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"}, @@ -169,6 +169,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_DECODING_ERROR ,"decoding error"}, {ASN1_R_DEPTH_EXCEEDED ,"depth exceeded"}, {ASN1_R_ENCODE_ERROR ,"encode error"}, +{ASN1_R_ERROR_GETTING_TIME ,"error getting time"}, {ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, {ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, {ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, diff --git a/crypto/o_time.c b/crypto/o_time.c index 1bc0297b36..ca5f3ea48e 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -80,7 +80,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) ts = result; #elif !defined(OPENSSL_SYS_VMS) ts = gmtime(timer); - memcpy(result, ts, sizeof(struct tm)); + if (ts != NULL) + memcpy(result, ts, sizeof(struct tm)); ts = result; #endif #ifdef OPENSSL_SYS_VMS