diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-06-17 08:12:19 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-06-22 16:39:26 +0200 |
commit | 11baa470a21b514ab247071e80273ddc0a80c504 (patch) | |
tree | 2cf15bc701207631d43d319f1eb2f670aa8abec6 /crypto/cmp/cmp_msg.c | |
parent | e197158bd5b5a5674b8ea67e838bac47395c66f9 (diff) |
Fix CMP -days option range checking and test failing with enable-ubsan
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12175)
Diffstat (limited to 'crypto/cmp/cmp_msg.c')
-rw-r--r-- | crypto/cmp/cmp_msg.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 9735a1c0b7..bbc3e9157e 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -253,12 +253,17 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) NULL /* serial */)) goto err; if (ctx->days != 0) { - time_t notBefore, notAfter; - - notBefore = time(NULL); - notAfter = notBefore + 60 * 60 * 24 * ctx->days; - if (!OSSL_CRMF_MSG_set_validity(crm, notBefore, notAfter)) + time_t now = time(NULL); + ASN1_TIME *notBefore = ASN1_TIME_adj(NULL, now, 0, 0); + ASN1_TIME *notAfter = ASN1_TIME_adj(NULL, now, ctx->days, 0); + + if (notBefore == NULL + || notAfter == NULL + || !OSSL_CRMF_MSG_set0_validity(crm, notBefore, notAfter)) { + ASN1_TIME_free(notBefore); + ASN1_TIME_free(notAfter); goto err; + } } /* extensions */ |