Allow us to pass NULL to have the current time, since CMP appears to be determined...

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28623)

diff --git a/crypto/cmp/cmp_genm.c b/crypto/cmp/cmp_genm.c
index 963d1e4bce16dc781fda9424b2702d0c040d076c..4028699fbc9c1d6cd6f12110de8aea40e1ec8505 100644 (file)
--- a/crypto/cmp/cmp_genm.c
+++ b/crypto/cmp/cmp_genm.c
@@ -43,6 +43,7 @@ static int ossl_X509_check(OSSL_CMP_CTX *ctx, const char *source, X509 *cert,
     ret = ossl_x509_check_certificate_times(vpm, cert, &err);
     if (!ret) {
         const char * msg;
+
         switch (err) {
         case X509_V_ERR_CERT_NOT_YET_VALID:
             msg = "not yet valid";

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 638843b346c483b50ee5a0317cc91a43f3e9531d..e2432febb2fcb8b070df051ffc7894916dd6a05f 100644 (file)
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -280,7 +280,7 @@ static int cert_acceptable(const OSSL_CMP_CTX *ctx,
             message = "cert has an invalid not after field";
             break;
         default:
-            message= "cert is invalid for an unspecfied reason";
+            message = "cert is invalid for an unspecfied reason";
             break;
         }
 

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 7560172d9011d73785c1ef41c8c54b0f6af3b6d2..de3be3302783047603d28cc4b3e68ab9fad28ea4 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1016,7 +1016,7 @@ static int validate_certifiate_time(const ASN1_TIME *ctm)
  *  (-1, 0, or 1) in *out_comparison.
  */
 static int x509_cmp_time_internal(const ASN1_TIME *ctm, const time_t *cmp_time,
-                                  int* out_comparison)
+                                  int *out_comparison)
 {
     time_t t = cmp_time == NULL ? time(NULL) : *cmp_time;
     int comparison;
@@ -2131,17 +2131,20 @@ static int check_policy(X509_STORE_CTX *ctx)
  * Return 1 on success, 0 otherwise.
  */
 int ossl_x509_compare_asn1_time(const X509_VERIFY_PARAM *vpm,
-                                const ASN1_TIME *time, int *comparison)
+                                const ASN1_TIME *asn1_time, int *comparison)
 {
+    const time_t now = time(NULL);
     const time_t *check_time = NULL;
 
-    if ((vpm->flags & X509_V_FLAG_USE_CHECK_TIME) != 0) {
+    if (vpm == NULL) {
+        check_time = &now;
+    } else if ((vpm->flags & X509_V_FLAG_USE_CHECK_TIME) != 0) {
         check_time = &vpm->check_time;
     } else if ((vpm->flags & X509_V_FLAG_NO_CHECK_TIME) != 0) {
         *comparison = 0;
         return 1;
     }
-    return x509_cmp_time_internal(time, check_time, comparison);
+    return x509_cmp_time_internal(asn1_time, check_time, comparison);
 }
 
 /*-

diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c
index 3c4f2b3c07dd7dd4b11901a908a81a46c15e12d6..121f8b3258eb76bc6e9167845df1046096db6b3f 100644 (file)
--- a/test/x509_internal_test.c
+++ b/test/x509_internal_test.c
@@ -1,4 +1,5 @@
-/* Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+/*
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -338,7 +339,8 @@ static int test_a_time(X509_STORE_CTX *ctx, X509 *x509,
     return 0;
 }
 
-static int do_x509_time_tests(CERT_TEST_DATA *tests, size_t ntests, int64_t lower_limit, int64_t upper_limit)
+static int do_x509_time_tests(CERT_TEST_DATA *tests, size_t ntests,
+                              int64_t lower_limit, int64_t upper_limit)
 {
     int ret = 0;
     int failures = 0;