authorMichael Widenius <monty@askmonty.org>2012-08-14 17:23:34 +0300
committerMichael Widenius <monty@askmonty.org>2012-08-14 17:23:34 +0300
commit60589aeee03949033c66da5c1eae70d4342179fc (patch)
tree1cd399dbed17c5c7b4ed16eb7b872dc979af1c93 /extra
parentb39e6e3d093b45f792959ef06fea1c175263ae1a (diff)
Next part of merge. See TODO for details
Diffstat (limited to 'extra')
-rw-r--r--extra/yassl/include/cert_wrapper.hpp2
-rw-r--r--extra/yassl/include/openssl/prefix_ssl.h1
-rw-r--r--extra/yassl/include/openssl/ssl.h17
-rw-r--r--extra/yassl/include/openssl/transport_types.h26
-rw-r--r--extra/yassl/include/socket_wrapper.hpp15
-rw-r--r--extra/yassl/include/yassl_int.hpp4
-rw-r--r--extra/yassl/src/cert_wrapper.cpp36
-rw-r--r--extra/yassl/src/handshake.cpp6
-rw-r--r--extra/yassl/src/socket_wrapper.cpp76
-rw-r--r--extra/yassl/src/ssl.cpp41
-rw-r--r--extra/yassl/src/yassl_int.cpp21
-rw-r--r--extra/yassl/taocrypt/include/asn.hpp9
-rw-r--r--extra/yassl/taocrypt/src/asn.cpp90
13 files changed, 251 insertions, 93 deletions
diff --git a/extra/yassl/include/cert_wrapper.hpp b/extra/yassl/include/cert_wrapper.hpp
index d07e5b627b0..10634692713 100644
--- a/extra/yassl/include/cert_wrapper.hpp
+++ b/extra/yassl/include/cert_wrapper.hpp
@@ -79,6 +79,7 @@ class CertManager {
CertList peerList_; // peer
input_buffer peerPublicKey_;
X509* peerX509_; // peer's openSSL X509
+ X509* selfX509_; // our own openSSL X509
SignatureAlgorithm keyType_; // self key type
SignatureAlgorithm peerKeyType_; // peer's key type
@@ -105,6 +106,7 @@ public:
const opaque* get_peerKey() const;
const opaque* get_privateKey() const;
X509* get_peerX509() const;
+ X509* get_selfX509() const;
SignatureAlgorithm get_keyType() const;
SignatureAlgorithm get_peerKeyType() const;
diff --git a/extra/yassl/include/openssl/prefix_ssl.h b/extra/yassl/include/openssl/prefix_ssl.h
index 024cb0a9aff..dbe8ac27ad0 100644
--- a/extra/yassl/include/openssl/prefix_ssl.h
+++ b/extra/yassl/include/openssl/prefix_ssl.h
@@ -179,6 +179,7 @@
#define SSL_get1_session yaSSL_get1_session
#define X509_get_notBefore yaX509_get_notBefore
#define X509_get_notAfter yaX509_get_notAfter
+#define yaSSL_ASN1_TIME_to_string ya_SSL_ASN1_TIME_to_string
#define MD4_Init yaMD4_Init
#define MD4_Update yaMD4_Update
#define MD4_Final yaMD4_Final
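Review bot: The added `#define yaSSL_ASN1_TIME_to_string ya_SSL_ASN1_TIME_to_string` breaks the pattern of every neighbouring line, which maps an OpenSSL name to a `ya`-prefixed one, and it introduces a second spelling of the prefix (`ya_SSL` next to `yaSSL`). The function already carries the yaSSL prefix and cannot collide with an OpenSSL symbol, so the mapping looks unnecessary; the three `yaSSL_transport_set_*` functions declared in ssl.h by this commit get no such mapping either, so the set is inconsistent whichever way is intended. If the define is kept, a one-line comment stating why a yaSSL-prefixed name needs remapping would help the next reader.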
diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h
index 0d99888da88..9104a2f501c 100644
--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -1,6 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
- Use is subject to license terms.
+ Copyright (c) 2005, 2011, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -539,11 +538,23 @@ void MD5_Final(unsigned char*, MD5_CTX*);
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */
-/* yaSSL adds */
+/* yaSSL extensions */
int SSL_set_compression(SSL*); /* turn on yaSSL zlib compression */
+char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time, char *buf, size_t len);
+#include "transport_types.h"
+/*
+ Set functions for yaSSL to use in order to send and receive data.
+
+ These hooks are offered in order to enable non-blocking I/O. If
+ not set, yaSSL defaults to using send() and recv().
+ @todo Remove hooks and accompanying code when yaSSL is fixed.
+*/
+void yaSSL_transport_set_ptr(SSL *, void *);
+void yaSSL_transport_set_recv_function(SSL *, yaSSL_recv_func_t);
+void yaSSL_transport_set_send_function(SSL *, yaSSL_send_func_t);
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
} /* namespace */
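Review bot: The added `#include "transport_types.h"` sits inside the `extern "C"` block and, judging from the closing `} /* namespace */` at the end of the hunk, inside the yaSSL namespace as well, while socket_wrapper.hpp in this commit includes the same guarded header at global scope. Because the include guard lets only the first inclusion take effect, the `yaSSL_recv_func_t`/`yaSSL_send_func_t` typedefs land in whichever scope includes the header first, and the `yaSSL_transport_set_*` prototypes below may then fail to resolve depending on include order; moving the include to the top of ssl.h with the other includes, outside any namespace, avoids that. The prototype `char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time, char *buf, size_t len);` would also benefit from a comment stating that the result is written into `buf`, truncated to `len`, and `buf` is returned.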
diff --git a/extra/yassl/include/openssl/transport_types.h b/extra/yassl/include/openssl/transport_types.h
new file mode 100644
index 00000000000..229d7c14eb3
--- /dev/null
+++ b/extra/yassl/include/openssl/transport_types.h
@@ -0,0 +1,26 @@
+/*
+ Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef yaSSL_transport_types_h__
+#define yaSSL_transport_types_h__
+
+/* Type of transport functions used for sending and receiving data. */
+typedef long (*yaSSL_recv_func_t) (void *, void *, size_t, int);
+typedef long (*yaSSL_send_func_t) (void *, const void *, size_t, int);
+
+#endif
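Review bot: The two function-pointer typedefs carry no description of the contract a callback must honour, even though Socket::send and Socket::receive in this commit interpret the result exactly like `::send`/`::recv`: a return of -1 means failure, and `get_lastError()` is then consulted for `SOCKET_EWOULDBLOCK`/`SOCKET_EAGAIN` to distinguish a non-blocking wait from a hard error. A hook that returns -1 without setting the platform error code is therefore reported as a fatal error, and one that signals would-block by returning 0 is taken as a zero-byte transfer. Suggest a comment above the typedefs along the lines of `/* Return the number of bytes transferred, or -1 with errno / WSAGetLastError() set to EWOULDBLOCK/EAGAIN when the operation would block; the first argument is the pointer registered via yaSSL_transport_set_ptr(). */`.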
diff --git a/extra/yassl/include/socket_wrapper.hpp b/extra/yassl/include/socket_wrapper.hpp
index 2372e64e56c..4c61698e7e3 100644
--- a/extra/yassl/include/socket_wrapper.hpp
+++ b/extra/yassl/include/socket_wrapper.hpp
@@ -1,5 +1,5 @@
/*
- Copyright (C) 2000-2007 MySQL AB
+ Copyright (c) 2005, 2011, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -54,7 +54,9 @@ typedef unsigned int uint;
const int SOCKET_ERROR = -1;
#endif
-
+ extern "C" {
+ #include "openssl/transport_types.h"
+ }
typedef unsigned char byte;
@@ -64,6 +66,9 @@ class Socket {
socket_t socket_; // underlying socket descriptor
bool wouldBlock_; // if non-blocking data, for last read
bool nonBlocking_; // is option set
+ void *ptr_; // Argument to transport function
+ yaSSL_send_func_t send_func_; // Function to send data
+ yaSSL_recv_func_t recv_func_; // Function to receive data
public:
explicit Socket(socket_t s = INVALID_SOCKET);
~Socket();
@@ -72,11 +77,15 @@ public:
uint get_ready() const;
socket_t get_fd() const;
+ void set_transport_ptr(void *ptr);
+ void set_transport_recv_function(yaSSL_recv_func_t recv_func);
+ void set_transport_send_function(yaSSL_send_func_t send_func);
+
uint send(const byte* buf, unsigned int len, unsigned int& sent,
int flags = 0);
uint receive(byte* buf, unsigned int len, int flags = 0);
-
bool wait();
+
bool WouldBlock() const;
bool IsNonBlocking() const;
diff --git a/extra/yassl/include/yassl_int.hpp b/extra/yassl/include/yassl_int.hpp
index e5ee00bc21c..82cadb37c30 100644
--- a/extra/yassl/include/yassl_int.hpp
+++ b/extra/yassl/include/yassl_int.hpp
@@ -187,7 +187,7 @@ private:
class StringHolder {
ASN1_STRING asnString_;
public:
- StringHolder(const char* str, int sz);
+ StringHolder(const char* str, int sz, byte type= 0);
~StringHolder();
ASN1_STRING* GetString();
@@ -205,7 +205,7 @@ class X509 {
StringHolder afterDate_; // not valid after
public:
X509(const char* i, size_t, const char* s, size_t,
- const char* b, int, const char* a, int);
+ ASN1_STRING *b, ASN1_STRING *a);
~X509() {}
X509_NAME* GetIssuer();
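Review bot: The new X509 constructor takes `ASN1_STRING *b, ASN1_STRING *a` as mutable pointers, but the definition in yassl_int.cpp in this commit only reads `data`, `length` and `type` from them, and CertManager::Validate passes the address of a local it builds purely for this call. Declaring them `const ASN1_STRING *b, const ASN1_STRING *a` (here and in the yassl_int.cpp definition) documents that the constructor neither takes ownership nor mutates its arguments. The enclosing class definition starts and ends outside the hunk.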
diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp
index 7e73464001a..e293b80ec04 100644
--- a/extra/yassl/src/cert_wrapper.cpp
+++ b/extra/yassl/src/cert_wrapper.cpp
@@ -91,7 +91,7 @@ opaque* x509::use_buffer()
//CertManager
CertManager::CertManager()
- : peerX509_(0), verifyPeer_(false), verifyNone_(false), failNoCert_(false),
+ : peerX509_(0), selfX509_(0), verifyPeer_(false), verifyNone_(false), failNoCert_(false),
sendVerify_(false), verifyCallback_(0)
{}
@@ -99,6 +99,7 @@ CertManager::CertManager()
CertManager::~CertManager()
{
ysDelete(peerX509_);
+ ysDelete(selfX509_);
STL::for_each(signers_.begin(), signers_.end(), del_ptr_zero()) ;
@@ -210,6 +211,12 @@ X509* CertManager::get_peerX509() const
}
+X509* CertManager::get_selfX509() const
+{
+ return selfX509_;
+}
+
+
SignatureAlgorithm CertManager::get_peerKeyType() const
{
return peerKeyType_;
@@ -281,11 +288,15 @@ int CertManager::Validate()
size_t iSz = strlen(cert.GetIssuer()) + 1;
size_t sSz = strlen(cert.GetCommonName()) + 1;
- int bSz = (int)strlen(cert.GetBeforeDate()) + 1;
- int aSz = (int)strlen(cert.GetAfterDate()) + 1;
+ ASN1_STRING beforeDate, afterDate;
+ beforeDate.data= (unsigned char *) cert.GetBeforeDate();
+ beforeDate.type= cert.GetBeforeDateType();
+ beforeDate.length= strlen((char *) beforeDate.data) + 1;
+ afterDate.data= (unsigned char *) cert.GetAfterDate();
+ afterDate.type= cert.GetAfterDateType();
+ afterDate.length= strlen((char *) afterDate.data) + 1;
peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
- sSz, cert.GetBeforeDate(), bSz,
- cert.GetAfterDate(), aSz);
+ sSz, &beforeDate, &afterDate);
if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) {
X509_STORE_CTX store;
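Review bot: The six-line block that fills `beforeDate`/`afterDate` is duplicated verbatim in the SetPrivateKey hunk below; a small static helper taking the decoder and an output `ASN1_STRING&` would remove the copy and keep the two call sites from drifting. On the line `beforeDate.length= strlen((char *) beforeDate.data) + 1;` (and the three matching ones) `strlen` returns `size_t` while `length` is an `int`, so the assignment narrows silently, and the `+ 1` carried over from the old `bSz`/`aSz` means the ASN1_STRING later returned through `X509_get_notBefore` reports the terminating NUL as part of its length, which presumably differs from what OpenSSL callers expect; worth a comment if it is intentional. Validate's body starts and ends outside the hunk.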
@@ -320,6 +331,18 @@ int CertManager::SetPrivateKey(const x509& key)
keyType_ = rsa_sa_algo;
else
keyType_ = dsa_sa_algo;
+
+ size_t iSz = strlen(cd.GetIssuer()) + 1;
+ size_t sSz = strlen(cd.GetCommonName()) + 1;
+ ASN1_STRING beforeDate, afterDate;
+ beforeDate.data= (unsigned char *) cd.GetBeforeDate();
+ beforeDate.type= cd.GetBeforeDateType();
+ beforeDate.length= strlen((char *) beforeDate.data) + 1;
+ afterDate.data= (unsigned char *) cd.GetAfterDate();
+ afterDate.type= cd.GetAfterDateType();
+ afterDate.length= strlen((char *) afterDate.data) + 1;
+ selfX509_ = NEW_YS X509(cd.GetIssuer(), iSz, cd.GetCommonName(),
+ sSz, &beforeDate, &afterDate);
}
return 0;
}
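Review bot: `selfX509_ = NEW_YS X509(...)` overwrites the previous pointer without releasing it, so a second SetPrivateKey call on the same CertManager leaks the earlier X509 (the destructor only frees the last one). Unless callers guarantee a single call, `ysDelete(selfX509_);` before the assignment, or an early return when `selfX509_` is already set, closes that. The function's opening lines and the `cd` decoder it reads are outside the hunk.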
@@ -336,8 +359,7 @@ void CertManager::setPeerX509(X509* x)
ASN1_STRING* after = x->GetAfter();
peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
- subject->GetName(), subject->GetLength(), (const char*) before->data,
- before->length, (const char*) after->data, after->length);
+ subject->GetName(), subject->GetLength(), before, after);
}
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index c1ee61d043e..fb342a10fd5 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -1,6 +1,5 @@
/*
- Copyright (c) 2005-2008 MySQL AB, 2009 Sun Microsystems, Inc.
- Use is subject to license terms.
+ Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -712,7 +711,8 @@ int DoProcessReply(SSL& ssl)
return 0;
}
uint ready = ssl.getSocket().get_ready();
- if (!ready) return 1;
+ if (!ready)
+ ready= 64;
// add buffered data if its there
input_buffer* buffered = ssl.useBuffers().TakeRawInput();
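Review bot: `ready= 64` replaces the previous early return with an unexplained magic number, and nothing in the hunk says why 64 bytes is the right amount to attempt when `get_ready()` reports nothing pending. Presumably this is so that a transport installed through the new `yaSSL_transport_set_*` API, whose readiness the socket-level query cannot observe, still gets polled, but a reader cannot tell. Suggest a named constant with a comment, e.g. `static const uint min_read_chunk= 64; // get_ready() knows nothing about custom transports; attempt a small read anyway`, and using it here. DoProcessReply continues outside the hunk.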
diff --git a/extra/yassl/src/socket_wrapper.cpp b/extra/yassl/src/socket_wrapper.cpp
index d88df13c08e..cf761d912e6 100644
--- a/extra/yassl/src/socket_wrapper.cpp
+++ b/extra/yassl/src/socket_wrapper.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -52,11 +52,33 @@
#endif // _WIN32
+namespace {
+
+
+extern "C" long system_recv(void *ptr, void *buf, size_t count, int flags)
+{
+ yaSSL::socket_t *socket = (yaSSL::socket_t *) ptr;
+ return ::recv(*socket, reinterpret_cast<char *>(buf), count, flags);
+}
+
+
+extern "C" long system_send(void *ptr, const void *buf, size_t count,
+ int flags)
+{
+ yaSSL::socket_t *socket = (yaSSL::socket_t *) ptr;
+ return ::send(*socket, reinterpret_cast<const char *>(buf), count, flags);
+}
+
+
+}
+
+
namespace yaSSL {
Socket::Socket(socket_t s)
- : socket_(s), wouldBlock_(false), nonBlocking_(false)
+ : socket_(s), wouldBlock_(false), nonBlocking_(false),
+ ptr_(&socket_), send_func_(system_send), recv_func_(system_recv)
{}
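Review bot: The constructor initialises `ptr_(&socket_)`, a pointer into the object itself, so any copy of a Socket keeps pointing at the original's `socket_` and dereferences freed memory once the original is destroyed; the socket_wrapper.hpp hunks in this commit declare no copy constructor, though one may be declared outside them. If copying is meant to be impossible, declaring the copy constructor and assignment private (or a comment saying the class is non-copyable because of `ptr_`) makes that explicit; otherwise the default transport should resolve `socket_` through `this` rather than a stored address. The `extern "C"` definitions inside the unnamed namespace also deserve a comment such as `// Default transport: ptr is the address of Socket::socket_` so the `(yaSSL::socket_t *) ptr` cast is not mistaken for a general contract.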
@@ -108,8 +130,25 @@ uint Socket::get_ready() const
return ready;
}
+void Socket::set_transport_ptr(void *ptr)
+{
+ ptr_ = ptr;
+}
+
-uint Socket::send(const byte* buf, unsigned int sz, unsigned int& written,
+void Socket::set_transport_recv_function(yaSSL_recv_func_t recv_func)
+{
+ recv_func_ = recv_func;
+}
+
+
+void Socket::set_transport_send_function(yaSSL_send_func_t send_func)
+{
+ send_func_ = send_func;
+}
+
+
+uint Socket::send(const byte* buf, unsigned int sz, unsigned int &written,
int flags)
{
const byte* pos = buf;
@@ -117,22 +156,23 @@ uint Socket::send(const byte* buf, unsigned int sz, unsigned int& written,
wouldBlock_ = false;
- while (pos != end) {
- int sent = ::send(socket_, reinterpret_cast<const char *>(pos),
- static_cast<int>(end - pos), flags);
- if (sent == -1) {
- if (get_lastError() == SOCKET_EWOULDBLOCK ||
- get_lastError() == SOCKET_EAGAIN) {
- wouldBlock_ = true; // would have blocked this time only
- nonBlocking_ = true; // nonblocking, win32 only way to tell
- return 0;
- }
- return static_cast<uint>(-1);
+ while (pos != end)
+ {
+ int sent = send_func_(ptr_, pos, static_cast<int>(end - pos), flags);
+ if (sent == -1)
+ {
+ if (get_lastError() == SOCKET_EWOULDBLOCK ||
+ get_lastError() == SOCKET_EAGAIN)
+ {
+ wouldBlock_ = true; // would have blocked this time only
+ nonBlocking_ = true; // nonblocking, win32 only way to tell
+ return 0;
}
- pos += sent;
- written += sent;
+ return static_cast<uint>(-1);
+ }
+ pos += sent;
+ written += sent;
}
-
return sz;
}
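Review bot: `int sent = send_func_(ptr_, pos, static_cast<int>(end - pos), flags);` narrows the hook's `long` return to `int` and casts the byte count to `int` only for it to be widened back to the `size_t` parameter; `long sent = send_func_(ptr_, pos, static_cast<size_t>(end - pos), flags);` keeps both types honest, and the same narrowing appears on the `int recvd = recv_func_(ptr_, buf, sz, flags);` line of the receive hunk below. Apart from that, the rewritten loop is identical to the old one except for brace placement, so most of this hunk is a whitespace change that hides the one real edit (the switch to `send_func_`); keeping the original brace style would have reduced the diff to a single line.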
@@ -141,7 +181,7 @@ uint Socket::receive(byte* buf, unsigned int sz, int flags)
{
wouldBlock_ = false;
- int recvd = ::recv(socket_, reinterpret_cast<char *>(buf), sz, flags);
+ int recvd = recv_func_(ptr_, buf, sz, flags);
// idea to seperate error from would block by arnetheduck@gmail.com
if (recvd == -1) {
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index 8401798534b..54cfdbba83c 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -1,6 +1,5 @@
/*
- Copyright (c) 2005-2007 MySQL AB, 2008-2010 Sun Microsystems, Inc.
- Use is subject to license terms.
+ Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -40,6 +39,7 @@
#include "coding.hpp" // HexDecoder
#include "helpers.hpp" // for placement new hack
#include <stdio.h>
+#include <time.h>
#ifdef _WIN32
#include <windows.h> // FindFirstFile etc..
@@ -1196,8 +1196,7 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX* ctx, void* userdata)
X509* SSL_get_certificate(SSL* ssl)
{
- // only used to pass to get_privatekey which isn't used
- return 0;
+ return ssl->getCrypto().get_certManager().get_selfX509();
}
@@ -1671,7 +1670,6 @@ unsigned long ERR_get_error()
// TODO:
}
-
SSL_CIPHER* SSL_get_current_cipher(SSL*)
{
// TODO:
@@ -1685,10 +1683,41 @@ unsigned long ERR_get_error()
return 0;
}
+ // end stunnel needs
+
+ char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time, char *buf, size_t len)
+ {
+ tm t;
+ static const char *month_names[12]=
+ {
+ "Jan","Feb","Mar","Apr","May","Jun",
+ "Jul","Aug","Sep","Oct","Nov","Dec"
+ };
+
+ TaoCrypt::ASN1_TIME_extract(time->data, time->type, &t);
+ snprintf(buf, len, "%s %2d %02d:%02d:%02d %d GMT",
+ month_names[t.tm_mon], t.tm_mday, t.tm_hour, t.tm_min,
+ t.tm_sec, t.tm_year + 1900);
+ return buf;
+ }
- // end stunnel needs
+ void yaSSL_transport_set_ptr(SSL *ssl, void *ptr)
+ {
+ ssl->useSocket().set_transport_ptr(ptr);
+ }
+
+
+ void yaSSL_transport_set_recv_function(SSL *ssl, yaSSL_recv_func_t func)
+ {
+ ssl->useSocket().set_transport_recv_function(func);
+ }
+
+ void yaSSL_transport_set_send_function(SSL *ssl, yaSSL_send_func_t func)
+ {
+ ssl->useSocket().set_transport_send_function(func);
+ }
} // extern "C"
} // namespace
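Review bot: `month_names[t.tm_mon]` indexes a 12-element array with a value that ASN1_TIME_extract derives from two certificate bytes without range checking, and the `time` argument reaches this function from the X509 exposed via `X509_get_notBefore`/`X509_get_notAfter`, i.e. from peer-supplied data; a malformed month field reads past the array. A check before the format, `const char *mon = (t.tm_mon >= 0 && t.tm_mon < 12) ? month_names[t.tm_mon] : "???";`, avoids that, and `time->type` should be compared against the two supported tags here as well, since the extractor's `assert` disappears under NDEBUG. The parameter named `time` also shadows the `time()` function from the newly included `<time.h>`; a name such as `asn_time` avoids confusion with the `tm t` local.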
diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp
index 65e17b01544..8de24850223 100644
--- a/extra/yassl/src/yassl_int.cpp
+++ b/extra/yassl/src/yassl_int.cpp
@@ -1459,12 +1459,12 @@ void SSL_SESSION::CopyX509(X509* x)
X509_NAME* issuer = x->GetIssuer();
X509_NAME* subject = x->GetSubject();
- ASN1_STRING* before = x->GetBefore();
- ASN1_STRING* after = x->GetAfter();
+ ASN1_TIME* before = x->GetBefore();
+ ASN1_TIME* after = x->GetAfter();
peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
- subject->GetName(), subject->GetLength(), (const char*) before->data,
- before->length, (const char*) after->data, after->length);
+ subject->GetName(), subject->GetLength(),
+ before, after);
}
@@ -2412,9 +2412,10 @@ size_t X509_NAME::GetLength() const
X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
- const char* b, int bSz, const char* a, int aSz)
+ ASN1_STRING *b, ASN1_STRING *a)
: issuer_(i, iSz), subject_(s, sSz),
- beforeDate_(b, bSz), afterDate_(a, aSz)
+ beforeDate_((char *) b->data, b->length, b->type),
+ afterDate_((char *) a->data, a->length, a->type)
{}
@@ -2430,13 +2431,13 @@ X509_NAME* X509::GetSubject()
}
-ASN1_STRING* X509::GetBefore()
+ASN1_TIME* X509::GetBefore()
{
return beforeDate_.GetString();
}
-ASN1_STRING* X509::GetAfter()
+ASN1_TIME* X509::GetAfter()
{
return afterDate_.GetString();
}
@@ -2464,12 +2465,12 @@ ASN1_STRING* X509_NAME::GetEntry(int i)
}
-StringHolder::StringHolder(const char* str, int sz)
+StringHolder::StringHolder(const char* str, int sz, byte type)
{
asnString_.length = sz;
asnString_.data = NEW_YS byte[sz + 1];
memcpy(asnString_.data, str, sz);
- asnString_.type = 0; // not used for now
+ asnString_.type = type;
}
diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp
index c20387d86c7..d52413b504c 100644
--- a/extra/yassl/taocrypt/include/asn.hpp
+++ b/extra/yassl/taocrypt/include/asn.hpp
@@ -33,7 +33,7 @@
#else
#include "list.hpp"
#endif
-
+#include <time.h>
namespace STL = STL_NAMESPACE;
@@ -280,7 +280,9 @@ public:
const char* GetCommonName() const { return subject_; }
const byte* GetHash() const { return subjectHash_; }
const char* GetBeforeDate() const { return beforeDate_; }
+ byte GetBeforeDateType() const { return beforeDateType_; }
const char* GetAfterDate() const { return afterDate_; }
+ byte GetAfterDateType() const { return afterDateType_; }
void DecodeToKey();
private:
@@ -296,7 +298,9 @@ private:
char issuer_[ASN_NAME_MAX]; // Names
char subject_[ASN_NAME_MAX]; // Names
char beforeDate_[MAX_DATE_SZ]; // valid before date
+ byte beforeDateType_; // beforeDate time type
char afterDate_[MAX_DATE_SZ]; // valid after date
+ byte afterDateType_; // afterDate time type
bool verify_; // Default to yes, but could be off
void ReadHeader();
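Review bot: `beforeDateType_` and `afterDateType_` are plain `byte` members with no initialiser, and they are only assigned inside CertDecoder::GetDate (the last asn.cpp hunk of this commit); if decoding fails before the validity fields are reached, `GetBeforeDateType()` returns an indeterminate byte that CertManager then passes to ASN1_TIME_extract as the time format. Unless CertDecoder's constructor (outside the hunk) already zeroes them, initialising both to 0 — a value that should match neither `UTC_TIME` nor `GENERALIZED_TIME` — makes the failure detectable. The comments could also name the domain: `// ASN.1 tag of beforeDate_: UTC_TIME or GENERALIZED_TIME`.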
@@ -369,6 +373,9 @@ int GetCert(Source&);
// Get Cert in PEM format from pkcs12 file
int GetPKCS_Cert(const char* password, Source&);
+void ASN1_TIME_extract(const unsigned char* date, unsigned char format,
+ tm *parsed_time);
+
} // namespace
diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp
index a502666d15b..0271891fa53 100644
--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -33,10 +33,55 @@
#include "coding.hpp"
#include <time.h> // gmtime();
#include "memory.hpp" // some auto_ptr don't have reset, also need auto_array
-
+#include <assert.h>
namespace TaoCrypt {
+// like atoi but only use first byte
+word32 btoi(byte b)
+{
+ return b - 0x30;
+}
+
+
+// two byte date/time, add to value
+void GetTime(int *value, const byte* date, int& i)
+{
+ *value += btoi(date[i++]) * 10;
+ *value += btoi(date[i++]);
+}
+
+
+void ASN1_TIME_extract(const unsigned char* date, unsigned char format,
+ tm *t)
+{
+ int i = 0;
+ memset(t, 0, sizeof (tm));
+
+ assert(format == UTC_TIME || format == GENERALIZED_TIME);
+
+ if (format == UTC_TIME) {
+ if (btoi(date[0]) >= 5)
+ t->tm_year = 1900;
+ else
+ t->tm_year = 2000;
+ }
+ else { // format == GENERALIZED_TIME
+ t->tm_year += btoi(date[i++]) * 1000;
+ t->tm_year += btoi(date[i++]) * 100;
+ }
+
+ GetTime(&t->tm_year, date, i); t->tm_year -= 1900; // adjust
+ GetTime(&t->tm_mon, date, i); t->tm_mon -= 1; // adjust
+ GetTime(&t->tm_mday, date, i);
+ GetTime(&t->tm_hour, date, i);
+ GetTime(&t->tm_min, date, i);
+ GetTime(&t->tm_sec, date, i);
+
+ assert(date[i] == 'Z'); // only Zulu supported for this profile
+}
+
+
namespace { // locals
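Review bot: The `assert(date[i] == 'Z')` at the end of ASN1_TIME_extract replaces a runtime rejection: the old ValidateDate returned false for a non-Zulu date, whereas the new function returns void, so in a build that defines NDEBUG a certificate whose validity time lacks the trailing 'Z' (or carries a tag other than UTC_TIME/GENERALIZED_TIME, which the first assert now guards) is parsed as if well-formed and ValidateDate in the next hunk cannot tell. Certificate dates come from the peer, so this check should not depend on the build type. Returning a bool from ASN1_TIME_extract and testing it in ValidateDate restores the rejection; the declaration in asn.hpp and the caller in ssl.cpp (yaSSL_ASN1_TIME_to_string) need the matching change, and the `<assert.h>` include then becomes unnecessary.
```cpp
bool ASN1_TIME_extract(const unsigned char* date, unsigned char format,
                       tm *t)
{
    int i = 0;
    memset(t, 0, sizeof (tm));

    // Unknown tag: refuse rather than guess the layout.
    if (format != UTC_TIME && format != GENERALIZED_TIME)
        return false;

    // … unchanged: century handling and the six GetTime() calls …

    return date[i] == 'Z';   // only Zulu supported for this profile
}

    // ValidateDate (next hunk): reject what the extractor refuses
    if (!ASN1_TIME_extract(date, format, &certTime))
        return false;
```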
@@ -71,52 +116,15 @@ bool operator<(tm& a, tm&b)
}
-// like atoi but only use first byte
-word32 btoi(byte b)
-{
- return b - 0x30;
-}
-
-
-// two byte date/time, add to value
-void GetTime(int& value, const byte* date, int& i)
-{
- value += btoi(date[i++]) * 10;
- value += btoi(date[i++]);
-}
-
-
// Make sure before and after dates are valid
bool ValidateDate(const byte* date, byte format, CertDecoder::DateType dt)
{
tm certTime;
- memset(&certTime, 0, sizeof(certTime));
- int i = 0;
-
- if (format == UTC_TIME) {
- if (btoi(date[0]) >= 5)
- certTime.tm_year = 1900;
- else
- certTime.tm_year = 2000;
- }
- else { // format == GENERALIZED_TIME
- certTime.tm_year += btoi(date[i++]) * 1000;
- certTime.tm_year += btoi(date[i++]) * 100;
- }
-
- GetTime(certTime.tm_year, date, i); certTime.tm_year -= 1900; // adjust
- GetTime(certTime.tm_mon, date, i); certTime.tm_mon -= 1; // adjust
- GetTime(certTime.tm_mday, date, i);
- GetTime(certTime.tm_hour, date, i);
- GetTime(certTime.tm_min, date, i);
- GetTime(certTime.tm_sec, date, i);
-
- if (date[i] != 'Z') // only Zulu supported for this profile
- return false;
-
time_t ltime = time(0);
tm* localTime = gmtime(&ltime);
+ ASN1_TIME_extract(date, format, &certTime);
+
if (dt == CertDecoder::BEFORE) {
if (*localTime < certTime)
return false;
@@ -879,10 +887,12 @@ void CertDecoder::GetDate(DateType dt)
if (dt == BEFORE) {
memcpy(beforeDate_, date, length);
beforeDate_[length] = 0;
+ beforeDateType_= b;
}
else { // after
memcpy(afterDate_, date, length);
afterDate_[length] = 0;
+ afterDateType_= b;
}
}