Fix CMP -days option range checking and test failing with enable-ubsan

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12175)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-06-17 08:12:19 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-06-22 16:39:26 +0200
commit: 11baa470a21b514ab247071e80273ddc0a80c504 (patch)
tree: 2cf15bc701207631d43d319f1eb2f670aa8abec6 /crypto/cmp/cmp_msg.c
parent: e197158bd5b5a5674b8ea67e838bac47395c66f9 (diff)
1 files changed, 10 insertions, 5 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 9735a1c0b7..bbc3e9157e 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -253,12 +253,17 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
                                             NULL /* serial */))
         goto err;
     if (ctx->days != 0) {
-        time_t notBefore, notAfter;
-
-        notBefore = time(NULL);
-        notAfter = notBefore + 60 * 60 * 24 * ctx->days;
-        if (!OSSL_CRMF_MSG_set_validity(crm, notBefore, notAfter))
+        time_t now = time(NULL);
+        ASN1_TIME *notBefore = ASN1_TIME_adj(NULL, now, 0, 0);
+        ASN1_TIME *notAfter = ASN1_TIME_adj(NULL, now, ctx->days, 0);
+
+        if (notBefore == NULL
+                || notAfter == NULL
+                || !OSSL_CRMF_MSG_set0_validity(crm, notBefore, notAfter)) {
+            ASN1_TIME_free(notBefore);
+            ASN1_TIME_free(notAfter);
             goto err;
+        }
     }
 
     /* extensions */
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-06-17 08:12:19 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-06-22 16:39:26 +0200
commit	11baa470a21b514ab247071e80273ddc0a80c504 (patch)
tree	2cf15bc701207631d43d319f1eb2f670aa8abec6 /crypto/cmp/cmp_msg.c
parent	e197158bd5b5a5674b8ea67e838bac47395c66f9 (diff)