From 7a62ab42104987e2be7d4cf9d36bc7ed8601faf8 Mon Sep 17 00:00:00 2001 From: tb Date: Mon, 13 Nov 2023 10:56:19 +0000 Subject: [PATCH] Remove last caller of ASN1_time_parse(3) in libtls This one is slightly annoying since ASN1_TIME_to_tm(3) doesn't provide a direct check for a GeneralizedTime, so call ASN1_GENERALIZEDTIME_check() as well. This means LibreSSL parses the time twice. Shrug. ok beck --- lib/libtls/tls_ocsp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c index acf6935a520..c7eb3e59869 100644 --- a/lib/libtls/tls_ocsp.c +++ b/lib/libtls/tls_ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_ocsp.c,v 1.23 2023/05/14 07:26:25 op Exp $ */ +/* $OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */ /* * Copyright (c) 2015 Marko Kreen * Copyright (c) 2016 Bob Beck @@ -64,8 +64,9 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t if (gt == NULL) return -1; /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */ - if (ASN1_time_parse(gt->data, gt->length, &tm, - V_ASN1_GENERALIZEDTIME) == -1) + if (!ASN1_GENERALIZEDTIME_check(gt)) + return -1; + if (!ASN1_TIME_to_tm(gt, &tm)) return -1; if ((*gt_time = timegm(&tm)) == -1) return -1; -- 2.20.1