From 115610be49cf1f66d456767cff0990e374861cc7 Mon Sep 17 00:00:00 2001 From: tb Date: Mon, 13 Nov 2023 11:46:24 +0000 Subject: [PATCH] Replace ASN1_time_parse() with ASN1_TIME_to_tm() Like in libtls, we use ASN1_GENERALIZEDTIME_check() to ensure we actually have a GeneralizedTime. ok beck --- usr.sbin/ocspcheck/ocspcheck.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/usr.sbin/ocspcheck/ocspcheck.c b/usr.sbin/ocspcheck/ocspcheck.c index 516642b53f4..234f3d22f63 100644 --- a/usr.sbin/ocspcheck/ocspcheck.c +++ b/usr.sbin/ocspcheck/ocspcheck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocspcheck.c,v 1.31 2022/12/28 21:30:17 jmc Exp $ */ +/* $OpenBSD: ocspcheck.c,v 1.32 2023/11/13 11:46:24 tb Exp $ */ /* * Copyright (c) 2017,2020 Bob Beck @@ -189,8 +189,9 @@ parse_ocsp_time(ASN1_GENERALIZEDTIME *gt) if (gt == NULL) return -1; /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */ - if (ASN1_time_parse(gt->data, gt->length, &tm, - V_ASN1_GENERALIZEDTIME) == -1) + if (!ASN1_GENERALIZEDTIME_check(gt)) + return -1; + if (!ASN1_TIME_to_tm(gt, &tm)) return -1; if ((rv = timegm(&tm)) == -1) return -1; -- 2.20.1