author | nelsonb%netscape.com <devnull@localhost> | 2001-06-21 03:20:09 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2001-06-21 03:20:09 +0000 |
commit | 9199cc803d04a68e06c1d8b6e0ece5c4471f5ce3 (patch) | |
tree | 9d25c0ba475a47f443d0b0edb31e6765c92f9aa8 | |
parent | cdc958d562948b2d5086c4be159f97bb3e6dd517 (diff) | |
download | nss-hg-9199cc803d04a68e06c1d8b6e0ece5c4471f5ce3.tar.gz |
Fix bug 72753. Interpret the "slop time" as seconds, not microseconds.
Also, use type PRTime instead of int64 in relevant places.
-rw-r--r-- | security/nss/lib/certdb/cert.h | 4 | ||||
-rw-r--r-- | security/nss/lib/certdb/certdb.c | 38 | ||||
-rw-r--r-- | security/nss/lib/certdb/certdb.h | 4 |
3 files changed, 26 insertions, 20 deletions
diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index 02577a970..5a70d7302 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h @@ -524,7 +524,7 @@ extern void CERT_ClosePermCertDB(CERTCertDBHandle *handle); ** been overridden by the user. */ extern SECCertTimeValidity CERT_CheckCertValidTimes(CERTCertificate *cert, - int64 t, + PRTime t, PRBool allowOverride); /* @@ -544,7 +544,7 @@ extern SECStatus CERT_CertTimesValid(CERTCertificate *cert); ** "notAfter" is the end of the validity period */ extern SECStatus -CERT_GetCertTimes (CERTCertificate *c, int64 *notBefore, int64 *notAfter); +CERT_GetCertTimes (CERTCertificate *c, PRTime *notBefore, PRTime *notAfter); /* ** Extract the issuer and serial number from a certificate diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 023260635..5eb141378 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -855,17 +855,17 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER, ** valid. The slop is designed to allow for some variance in the clocks ** of the machine checking the certificate. */ -#define PENDING_SLOP (24L*60L*60L) -static PRInt32 pendingSlop = PENDING_SLOP; +#define PENDING_SLOP (24L*60L*60L) /* seconds per day */ +static PRInt32 pendingSlop = PENDING_SLOP; /* seconds */ PRInt32 CERT_GetSlopTime(void) { - return pendingSlop; + return pendingSlop; /* seconds */ } SECStatus -CERT_SetSlopTime(PRInt32 slop) +CERT_SetSlopTime(PRInt32 slop) /* seconds */ { if (slop < 0) return SECFailure; @@ -874,7 +874,7 @@ CERT_SetSlopTime(PRInt32 slop) } SECStatus -CERT_GetCertTimes(CERTCertificate *c, int64 *notBefore, int64 *notAfter) +CERT_GetCertTimes(CERTCertificate *c, PRTime *notBefore, PRTime *notAfter) { int rv; 
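Review bot: In the certdb.c hunk at `CERT_SetSlopTime`, the only validation is still `slop < 0`, so under the new seconds interpretation any positive PRInt32 is accepted and the not-yet-valid window can be stretched to decades. Callers that chose values under the old behaviour, where the number was effectively subtracted as microseconds, will silently get a window a million times wider, so existing call sites should be checked. The unit note would read better in the function's header comment and on the public declaration (not visible in this diff) than trailing the signature, for example `/* slop is in seconds; it widens the notBefore check for certificates and CRLs */`. If the API can take a ceiling, rejecting values above a documented maximum next to the `slop < 0` check would stop a misconfiguration from effectively disabling the notBefore check.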
@@ -897,9 +897,9 @@ CERT_GetCertTimes(CERTCertificate *c, int64 *notBefore, int64 *notAfter) * Check the validity times of a certificate */ SECCertTimeValidity -CERT_CheckCertValidTimes(CERTCertificate *c, int64 t, PRBool allowOverride) +CERT_CheckCertValidTimes(CERTCertificate *c, PRTime t, PRBool allowOverride) { - int64 notBefore, notAfter, llPendingSlop; + PRTime notBefore, notAfter, llPendingSlop, tmp1; SECStatus rv; /* if cert is already marked OK, then don't bother to check */ @@ -914,6 +914,9 @@ CERT_CheckCertValidTimes(CERTCertificate *c, int64 t, PRBool allowOverride) } LL_I2L(llPendingSlop, pendingSlop); + /* convert to micro seconds */ + LL_I2L(tmp1, PR_USEC_PER_SEC); + LL_MUL(llPendingSlop, llPendingSlop, tmp1); LL_SUB(notBefore, notBefore, llPendingSlop); if ( LL_CMP( t, <, notBefore ) ) { PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE); @@ -928,7 +931,7 @@ CERT_CheckCertValidTimes(CERTCertificate *c, int64 t, PRBool allowOverride) } SECStatus -SEC_GetCrlTimes(CERTCrl *date, int64 *notBefore, int64 *notAfter) +SEC_GetCrlTimes(CERTCrl *date, PRTime *notBefore, PRTime *notAfter) { int rv; @@ -955,8 +958,8 @@ SEC_GetCrlTimes(CERTCrl *date, int64 *notBefore, int64 *notAfter) * routines using an common extraction routine. */ SECCertTimeValidity -SEC_CheckCrlTimes(CERTCrl *crl, int64 t) { - int64 notBefore, notAfter, llPendingSlop; +SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) { + PRTime notBefore, notAfter, llPendingSlop, tmp1; SECStatus rv; rv = SEC_GetCrlTimes(crl, ¬Before, ¬After); @@ -966,6 +969,9 @@ SEC_CheckCrlTimes(CERTCrl *crl, int64 t) { } LL_I2L(llPendingSlop, pendingSlop); + /* convert to micro seconds */ + LL_I2L(tmp1, PR_USEC_PER_SEC); + LL_MUL(llPendingSlop, llPendingSlop, tmp1); LL_SUB(notBefore, notBefore, llPendingSlop); if ( LL_CMP( t, <, notBefore ) ) { return(secCertTimeNotValidYet); 
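Review bot: The three-line seconds-to-microseconds conversion added in `CERT_CheckCertValidTimes` is repeated verbatim in `SEC_CheckCrlTimes` further down, each with its own `tmp1` temporary; a single static helper would keep the unit handling in one place so the certificate and CRL checks cannot drift apart. The product cannot overflow, since a PRInt32 multiplied by PR_USEC_PER_SEC stays well inside 64 bits, and the comment should say so because the input comes from a public setter. Both functions begin and end outside their hunks, so only the conversion lines are shown below.

```c
/* Return the configured slop, given in seconds, as a PRTime interval in
 * microseconds. A PRInt32 times PR_USEC_PER_SEC always fits in 64 bits. */
static PRTime
cert_PendingSlopUsec(void)
{
    PRTime slop, usecPerSec;

    LL_I2L(slop, pendingSlop);
    LL_I2L(usecPerSec, PR_USEC_PER_SEC);
    LL_MUL(slop, slop, usecPerSec);
    return slop;
}

/* … unchanged: CERT_CheckCertValidTimes up to the CERT_GetCertTimes check … */
    llPendingSlop = cert_PendingSlopUsec();
    LL_SUB(notBefore, notBefore, llPendingSlop);
/* … unchanged: comparisons against t; same replacement in SEC_CheckCrlTimes … */
```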
@@ -987,8 +993,8 @@ SEC_CheckCrlTimes(CERTCrl *crl, int64 t) { PRBool SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old) { - int64 newNotBefore, newNotAfter; - int64 oldNotBefore, oldNotAfter; + PRTime newNotBefore, newNotAfter; + PRTime oldNotBefore, oldNotAfter; SECStatus rv; /* problems with the new CRL? reject it */ @@ -1714,7 +1720,7 @@ CERT_IsCADERCert(SECItem *derCert, unsigned int *type) { PRBool CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb) { - int64 notBeforeA, notAfterA, notBeforeB, notAfterB, now; + PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now; SECStatus rv; PRBool newerbefore, newerafter; @@ -2121,13 +2127,13 @@ CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb, void *arg) { - int64 sorttime; - int64 notBeforeA, notAfterA, notBeforeB, notAfterB; + PRTime sorttime; + PRTime notBeforeA, notAfterA, notBeforeB, notAfterB; SECStatus rv; PRBool newerbefore, newerafter; PRBool aNotValid = PR_FALSE, bNotValid = PR_FALSE; - sorttime = *(int64 *)arg; + sorttime = *(PRTime *)arg; rv = CERT_GetCertTimes(certa, ¬BeforeA, ¬AfterA); if ( rv != SECSuccess ) { diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h index cdb7cfff8..2d75ee8b5 100644 --- a/security/nss/lib/certdb/certdb.h +++ b/security/nss/lib/certdb/certdb.h @@ -339,10 +339,10 @@ PRBool SEC_CertDBKeyConflict(SECItem *derCert, CERTCertDBHandle *handle); SECStatus -SEC_GetCrlTimes(CERTCrl *dates, int64 *notBefore, int64 *notAfter); +SEC_GetCrlTimes(CERTCrl *dates, PRTime *notBefore, PRTime *notAfter); SECCertTimeValidity -SEC_CheckCrlTimes(CERTCrl *crl, int64 t); +SEC_CheckCrlTimes(CERTCrl *crl, PRTime t); PRBool SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old); |
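Review bot: `CERT_SortCBValidity` now reads the sort time with `sorttime = *(PRTime *)arg;`, but nothing in the visible lines states what `arg` must point to or checks it before the dereference. A one-line comment above the cast, such as `/* arg must point to a PRTime supplied by the caller */`, would record the contract that the `void *` parameter hides. The function starts and ends outside the hunk, so the rest of its body is not reviewed here.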