Make NEG_PUBKEY_BUG on by default.

ASN1_TIME fixes.

New function c2i_ASN1_OBJECT().

3 files changed, 55 insertions, 33 deletions

diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index bbf9a10ad5..7955e5c2c1 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -138,8 +138,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
 
 typedef struct X509_val_st
 	{
-	ASN1_UTCTIME *notBefore;
-	ASN1_UTCTIME *notAfter;
+	ASN1_TIME *notBefore;
+	ASN1_TIME *notAfter;
 	} X509_VAL;
 
 typedef struct X509_pubkey_st
@@ -323,7 +323,7 @@ DECLARE_STACK_OF(X509_TRUST)
 typedef struct X509_revoked_st
 	{
 	ASN1_INTEGER *serialNumber;
-	ASN1_UTCTIME *revocationDate;
+	ASN1_TIME *revocationDate;
 	STACK_OF(X509_EXTENSION) /* optional */ *extensions;
 	int sequence; /* load sequence */
 	} X509_REVOKED;
@@ -336,8 +336,8 @@ typedef struct X509_crl_info_st
 	ASN1_INTEGER *version;
 	X509_ALGOR *sig_alg;
 	X509_NAME *issuer;
-	ASN1_UTCTIME *lastUpdate;
-	ASN1_UTCTIME *nextUpdate;
+	ASN1_TIME *lastUpdate;
+	ASN1_TIME *nextUpdate;
 	STACK_OF(X509_REVOKED) *revoked;
 	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
 	} X509_CRL_INFO;
@@ -737,8 +737,8 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
 
 #endif /* !SSLEAY_MACROS */
 
-int		X509_cmp_current_time(ASN1_UTCTIME *s);
-ASN1_UTCTIME *	X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+int		X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME *	X509_gmtime_adj(ASN1_TIME *s, long adj);
 
 const char *	X509_get_default_cert_area(void );
 const char *	X509_get_default_cert_dir(void );
@@ -920,8 +920,8 @@ int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *	X509_get_issuer_name(X509 *a);
 int 		X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *	X509_get_subject_name(X509 *a);
-int 		X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
-int 		X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int 		X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int 		X509_set_notAfter(X509 *x, ASN1_TIME *tm);
 int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_get_pubkey(X509 *x);
 int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index add842d17a..aaf61ca062 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -104,36 +104,36 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
 	return(X509_NAME_set(&x->cert_info->subject,name));
 	}
 
-int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
 	{
-	ASN1_UTCTIME *in;
+	ASN1_TIME *in;
 
 	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
 	in=x->cert_info->validity->notBefore;
 	if (in != tm)
 		{
-		in=M_ASN1_UTCTIME_dup(tm);
+		in=M_ASN1_TIME_dup(tm);
 		if (in != NULL)
 			{
-			M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+			M_ASN1_TIME_free(x->cert_info->validity->notBefore);
 			x->cert_info->validity->notBefore=in;
 			}
 		}
 	return(in != NULL);
 	}
 
-int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
 	{
-	ASN1_UTCTIME *in;
+	ASN1_TIME *in;
 
 	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
 	in=x->cert_info->validity->notAfter;
 	if (in != tm)
 		{
-		in=M_ASN1_UTCTIME_dup(tm);
+		in=M_ASN1_TIME_dup(tm);
 		if (in != NULL)
 			{
-			M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+			M_ASN1_TIME_free(x->cert_info->validity->notAfter);
 			x->cert_info->validity->notAfter=in;
 			}
 		}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index e9311d5ea8..0d5273d51a 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -502,10 +502,10 @@ end:
 	return(ok);
 	}
 
-int X509_cmp_current_time(ASN1_UTCTIME *ctm)
+int X509_cmp_current_time(ASN1_TIME *ctm)
 	{
 	char *str;
-	ASN1_UTCTIME atm;
+	ASN1_TIME atm;
 	time_t offset;
 	char buff1[24],buff2[24],*p;
 	int i,j;
@@ -513,14 +513,32 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
 	p=buff1;
 	i=ctm->length;
 	str=(char *)ctm->data;
-	if ((i < 11) || (i > 17)) return(0);
-	memcpy(p,str,10);
-	p+=10;
-	str+=10;
+	if(ctm->type == V_ASN1_UTCTIME) {
+		if ((i < 11) || (i > 17)) return(0);
+		memcpy(p,str,10);
+		p+=10;
+		str+=10;
+	} else {
+		if(i < 13) return 0;
+		memcpy(p,str,12);
+		p+=12;
+		str+=12;
+	}
 
 	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
 		{ *(p++)='0'; *(p++)='0'; }
-	else	{ *(p++)= *(str++); *(p++)= *(str++); }
+	else
+		{ 
+		*(p++)= *(str++);
+		*(p++)= *(str++);
+		/* Skip any fractional seconds... */
+		if(*str == '.')
+			{
+			str++;
+			while((*str >= '0') && (*str <= '9')) str++;
+			}
+
+	}
 	*(p++)='Z';
 	*(p++)='\0';
 
@@ -535,19 +553,22 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
 		if (*str == '-')
 			offset= -offset;
 		}
-	atm.type=V_ASN1_UTCTIME;
+	atm.type=ctm->type;
 	atm.length=sizeof(buff2);
 	atm.data=(unsigned char *)buff2;
 
 	X509_gmtime_adj(&atm,-offset*60);
 
-	i=(buff1[0]-'0')*10+(buff1[1]-'0');
-	if (i < 50) i+=100; /* cf. RFC 2459 */
-	j=(buff2[0]-'0')*10+(buff2[1]-'0');
-	if (j < 50) j+=100;
+	if(ctm->type == V_ASN1_UTCTIME)
+		{
+		i=(buff1[0]-'0')*10+(buff1[1]-'0');
+		if (i < 50) i+=100; /* cf. RFC 2459 */
+		j=(buff2[0]-'0')*10+(buff2[1]-'0');
+		if (j < 50) j+=100;
 
-	if (i < j) return (-1);
-	if (i > j) return (1);
+		if (i < j) return (-1);
+		if (i > j) return (1);
+		}
 	i=strcmp(buff1,buff2);
 	if (i == 0) /* wait a second then return younger :-) */
 		return(-1);
@@ -555,13 +576,14 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
 		return(i);
 	}
 
-ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 	{
 	time_t t;
 
 	time(&t);
 	t+=adj;
-	return(ASN1_UTCTIME_set(s,t));
+	if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
+	return ASN1_GENERALIZEDTIME_set(s, t);
 	}
 
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)